3. HTML does not specify charset
3.1. http://a4.websitealive.com/669/Visitor/vTracker_v2.asp
3.2. http://a4.websitealive.com/669/rRouter.asp
4. Content type incorrectly stated
Severity: | High |
Confidence: | Firm |
Host: | http://a4.websitealive |
Path: | /669/Visitor/vTracker_v2 |
GET /669/Visitor/vTracker_v2 Host: a4.websitealive.com Proxy-Connection: keep-alive Referer: http://sofmen.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: ASPSESSIONIDQQQQRCBD |
HTTP/1.1 500 Internal Server Error Date: Wed, 20 Apr 2011 22:11:04 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET cache-control: no-store, must-revalidate, private Pragma: no-cache P3P: CP="NOI DSP COR CURa OUR NOR" Content-Length: 474 Content-Type: text/html Expires: Tue, 01 Jan 1980 06:00:00 GMT Cache-control: private <font face="Arial" size=2> <p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font> <p> <font face="Arial" size=2>[MySQL][ODBC 3.51 Driver][mysqld-4.1.22 ...[SNIP]... |
Severity: | Low |
Confidence: | Certain |
Host: | http://a4.websitealive |
Path: | /669/Visitor/vButton_v3 |
GET /669/Visitor/vButton_v3 Host: a4.websitealive.com Proxy-Connection: keep-alive Referer: http://sofmen.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 302 Object moved Date: Wed, 20 Apr 2011 22:14:44 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET cache-control: no-store, must-revalidate, private Pragma: no-cache P3P: CP="NOI DSP COR CURa OUR NOR" Location: http://a440ed122e89695cc Content-Length: 229 Content-Type: text/html Expires: Tue, 01 Jan 1980 06:00:00 GMT Cache-control: private <head><title>Object moved</title></head> <body><h1>Object Moved</h1>This object may be found <a HREF="http://a440ed1 ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://a4.websitealive |
Path: | /669/Visitor/vTracker_v2 |
GET /669/Visitor/vTracker_v2 Host: a4.websitealive.com Proxy-Connection: keep-alive Referer: http://sofmen.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: ASPSESSIONIDQQQQRCBD |
HTTP/1.1 200 OK Date: Wed, 20 Apr 2011 19:54:45 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET cache-control: no-store, must-revalidate, private Pragma: no-cache P3P: CP="NOI DSP COR CURa OUR NOR" Content-Length: 7775 Content-Type: text/html Expires: Tue, 01 Jan 1980 06:00:00 GMT Cache-control: private var embed_departmentid = '0'; // keep on page function URLEncode(plaintext) { // The Javascript escape and unescape functions do not correspond // with what browsers actually do... va ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://a4.websitealive |
Path: | /669/rRouter.asp |
GET /669/rRouter.asp?groupid Host: a4.websitealive.com Proxy-Connection: keep-alive Referer: http://sofmen.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: ASPSESSIONIDQQQQRCBD |
HTTP/1.1 200 OK Date: Wed, 20 Apr 2011 19:59:13 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET cache-control: no-store, must-revalidate, private Pragma: no-cache Content-Length: 617 Content-Type: text/html Expires: Tue, 01 Jan 1980 06:00:00 GMT Cache-control: private <!-- Functions Here --> <script language=javascript> var isInIFrame = (window.location != window.parent.location) ? true : false; if (!isInIFrame){ parent.moveTo(100,100); ...[SNIP]... |
Severity: | Information |
Confidence: | Firm |
Host: | http://a4.websitealive |
Path: | /669/Visitor/vTracker_v2 |
GET /669/Visitor/vTracker_v2 Host: a4.websitealive.com Proxy-Connection: keep-alive Referer: http://sofmen.com/ User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: ASPSESSIONIDQQQQRCBD |
HTTP/1.1 200 OK Date: Wed, 20 Apr 2011 19:54:45 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET cache-control: no-store, must-revalidate, private Pragma: no-cache P3P: CP="NOI DSP COR CURa OUR NOR" Content-Length: 7775 Content-Type: text/html Expires: Tue, 01 Jan 1980 06:00:00 GMT Cache-control: private var embed_departmentid = '0'; // keep on page function URLEncode(plaintext) { // The Javascript escape and unescape functions do not correspond // with what browsers actually do... va ...[SNIP]... |