1.1. http://amch.questionmarket.com/adscgen/st.php [REST URL parameter 2]
2. Cookie scoped to parent domain
3. Cookie without HttpOnly flag set
4. HTML does not specify charset
5. Content type incorrectly stated
Severity: High
Confidence: Tentative
Host: http://amch.question
Path: /adscgen/st.php

GET /adscgen/st.php%2527?survey_num=774810&site
Host: amch.questionmarket.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ES=823529-ie.pM-MG_844890

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 05:20:55 GMT
Server: Apache
Vary: accept-language
Accept-Ranges: bytes
Keep-Alive: timeout=120
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en
Content-Length: 1059

<?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... <dd> If you think this is a server error, please contact the <a href="mailto:serveradmin ...[SNIP]...

GET /adscgen/st.php%2527%2527?survey_num=774810&site
Host: amch.questionmarket.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ES=823529-ie.pM-MG_844890

HTTP/1.1 404 Not Found
Date: Sat, 29 Jan 2011 05:20:55 GMT
Server: Apache-AdvancedExtra
Content-Length: 218
Keep-Alive: timeout=120, max=893
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /adscgen/st.php%27%27 was not found on this server.</ ...[SNIP]...
Severity: High
Confidence: Tentative
Host: http://amch.question
Path: /adscgen/st.php

GET /adscgen/st.php/1%00' HTTP/1.1
Host: amch.questionmarket.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ES=823529-ie.pM-MG_844890

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:44:08 GMT
Server: Apache
Vary: accept-language
Accept-Ranges: bytes
Keep-Alive: timeout=120
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en
Content-Length: 1059

<?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... <dd> If you think this is a server error, please contact the <a href="mailto:serveradmin ...[SNIP]...

GET /adscgen/st.php/1%00'' HTTP/1.1
Host: amch.questionmarket.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ES=823529-ie.pM-MG_844890

HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2011 16:44:08 GMT
Server: Apache-AdvancedExtra
Content-Length: 214
Keep-Alive: timeout=120, max=888
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /adscgen/st.php/1 was not found on this server.</p> < ...[SNIP]...
Severity: Information
Confidence: Certain
Host: http://amch.question
Path: /adsc/d791689/21/39823749

GET /adsc/d791689/21/39823749
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*
Cookie: LP=1296062048; CS1=823529-1-2_39959898

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:48:41 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch
DL_S: b203.dl
Set-Cookie: CS1=deleted; expires=Thu, 28 Jan 2010 14:48:40 GMT; path=/; domain=.questionmarket
Set-Cookie: CS1=823529-1-2_39959898
Set-Cookie: ES=823529-ie.pM-MG_844890
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.....
Severity: Information
Confidence: Certain
Host: http://amch.question
Path: /adsc/d791689/21/39823749

GET /adsc/d791689/21/39823749
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*
Cookie: LP=1296062048; CS1=823529-1-2_39959898

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:48:41 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch
DL_S: b203.dl
Set-Cookie: CS1=deleted; expires=Thu, 28 Jan 2010 14:48:40 GMT; path=/; domain=.questionmarket
Set-Cookie: CS1=823529-1-2_39959898
Set-Cookie: ES=823529-ie.pM-MG_844890
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.....
Severity: Information
Confidence: Certain
Host: http://amch.question
Path: /adscgen/st.php

GET /adscgen/st.php?survey
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*
Cookie: LP=1296062048; CS1=823529-1-2_39959898

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:48:40 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
DL_S: b103.dl
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch
Content-Length: 165
Content-Type: text/html

(function(){ if(1!=4){ (new Image).src="http://amch } })();
Severity: Information
Confidence: Firm
Host: http://amch.question
Path: /adscgen/st.php

GET /adscgen/st.php?survey
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.nydailynews
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*
Cookie: LP=1296062048; CS1=823529-1-2_39959898

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 14:48:40 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
DL_S: b103.dl
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch
Content-Length: 165
Content-Type: text/html

(function(){ if(1!=4){ (new Image).src="http://amch } })();