XML Injection, CWE-91, DORK, PoC, Report, March 20, 2011

CWE-91: XML Injection (aka Blind XPath Injection) | The software does not properly neutralize special elements that are used in XML

Report generated by XSS.CX at Sun Mar 20 09:18:31 CDT 2011.


1. XML injection

1.1. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js [REST URL parameter 1]

1.2. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js [REST URL parameter 2]

1.3. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js [REST URL parameter 3]

1.4. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js [REST URL parameter 4]

1.5. http://assets.2.mybcdna.com//images/favicon.ico [REST URL parameter 1]

1.6. http://assets.2.mybcdna.com//images/favicon.ico [REST URL parameter 2]

1.7. http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css [REST URL parameter 1]

1.8. http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css [REST URL parameter 2]

1.9. http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css [REST URL parameter 3]

1.10. http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css [REST URL parameter 4]

1.11. http://assets.2.mybcdna.com/images/HomeBeforeLogin/background_content.png [REST URL parameter 1]

1.12. http://assets.2.mybcdna.com/images/HomeBeforeLogin/background_content.png [REST URL parameter 2]

1.13. http://assets.2.mybcdna.com/images/HomeBeforeLogin/background_content.png [REST URL parameter 3]

1.14. http://assets.2.mybcdna.com/images/Navbar/default_sprite.png [REST URL parameter 1]

1.15. http://assets.2.mybcdna.com/images/Navbar/default_sprite.png [REST URL parameter 2]

1.16. http://assets.2.mybcdna.com/images/Navbar/default_sprite.png [REST URL parameter 3]

1.17. http://assets.2.mybcdna.com/images/gradient_sprite.png [REST URL parameter 1]

1.18. http://assets.2.mybcdna.com/images/gradient_sprite.png [REST URL parameter 2]

1.19. http://assets.2.mybcdna.com/images/header_sprite.png [REST URL parameter 1]

1.20. http://assets.2.mybcdna.com/images/header_sprite.png [REST URL parameter 2]

1.21. http://assets.mybcdna.com/css/apps/tGoogleAds.css [REST URL parameter 1]

1.22. http://assets.mybcdna.com/css/apps/tGoogleAds.css [REST URL parameter 2]

1.23. http://assets.mybcdna.com/css/apps/tGoogleAds.css [REST URL parameter 3]

1.24. http://buzzya.com/wp-content/plugins/contact-form-7/scripts.js [REST URL parameter 1]

1.25. http://buzzya.com/wp-content/plugins/contact-form-7/scripts.js [REST URL parameter 2]

1.26. http://buzzya.com/wp-content/plugins/contact-form-7/scripts.js [REST URL parameter 3]

1.27. http://buzzya.com/wp-content/plugins/contact-form-7/styles.css [REST URL parameter 1]

1.28. http://buzzya.com/wp-content/plugins/contact-form-7/styles.css [REST URL parameter 2]

1.29. http://buzzya.com/wp-content/plugins/contact-form-7/styles.css [REST URL parameter 3]

1.30. http://buzzya.com/wp-content/plugins/jquery-image-lazy-loading/javascripts/jquery.lazyload.mini.js [REST URL parameter 1]

1.31. http://buzzya.com/wp-content/plugins/jquery-image-lazy-loading/javascripts/jquery.lazyload.mini.js [REST URL parameter 2]

1.32. http://buzzya.com/wp-content/plugins/jquery-image-lazy-loading/javascripts/jquery.lazyload.mini.js [REST URL parameter 3]

1.33. http://buzzya.com/wp-content/plugins/jquery-image-lazy-loading/javascripts/jquery.lazyload.mini.js [REST URL parameter 4]

1.34. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.bgiframe.js [REST URL parameter 1]

1.35. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.bgiframe.js [REST URL parameter 2]

1.36. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.bgiframe.js [REST URL parameter 3]

1.37. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.bgiframe.js [REST URL parameter 4]

1.38. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.dimensions.js [REST URL parameter 1]

1.39. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.dimensions.js [REST URL parameter 2]

1.40. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.dimensions.js [REST URL parameter 3]

1.41. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.dimensions.js [REST URL parameter 4]

1.42. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.lightbox.js [REST URL parameter 1]

1.43. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.lightbox.js [REST URL parameter 2]

1.44. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.lightbox.js [REST URL parameter 3]

1.45. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.lightbox.js [REST URL parameter 4]

1.46. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.tooltip.js [REST URL parameter 1]

1.47. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.tooltip.js [REST URL parameter 2]

1.48. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.tooltip.js [REST URL parameter 3]

1.49. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.tooltip.js [REST URL parameter 4]

1.50. http://buzzya.com/wp-content/plugins/lightbox-gallery/lightbox-gallery.js [REST URL parameter 1]

1.51. http://buzzya.com/wp-content/plugins/lightbox-gallery/lightbox-gallery.js [REST URL parameter 2]

1.52. http://buzzya.com/wp-content/plugins/lightbox-gallery/lightbox-gallery.js [REST URL parameter 3]

1.53. http://buzzya.com/wp-content/themes/buzzya/js/tabbed-widget.js [REST URL parameter 1]

1.54. http://buzzya.com/wp-content/themes/buzzya/js/tabbed-widget.js [REST URL parameter 2]

1.55. http://buzzya.com/wp-content/themes/buzzya/js/tabbed-widget.js [REST URL parameter 3]

1.56. http://buzzya.com/wp-content/themes/buzzya/js/tabbed-widget.js [REST URL parameter 4]

1.57. http://buzzya.com/wp-content/uploads/2010/08/favicon.ico [REST URL parameter 1]

1.58. http://buzzya.com/wp-content/uploads/2010/08/favicon.ico [REST URL parameter 2]

1.59. http://buzzya.com/wp-content/uploads/2010/08/favicon.ico [REST URL parameter 3]

1.60. http://buzzya.com/wp-content/uploads/2010/08/favicon.ico [REST URL parameter 4]

1.61. http://buzzya.com/wp-includes/js/jquery/ui.core.js [REST URL parameter 1]

1.62. http://buzzya.com/wp-includes/js/jquery/ui.core.js [REST URL parameter 2]

1.63. http://buzzya.com/wp-includes/js/jquery/ui.core.js [REST URL parameter 3]

1.64. http://buzzya.com/wp-includes/js/jquery/ui.tabs.js [REST URL parameter 1]

1.65. http://buzzya.com/wp-includes/js/jquery/ui.tabs.js [REST URL parameter 2]

1.66. http://buzzya.com/wp-includes/js/jquery/ui.tabs.js [REST URL parameter 3]

1.67. http://buzzya.com/wp-includes/js/jquery/ui.widget.js [REST URL parameter 1]

1.68. http://buzzya.com/wp-includes/js/jquery/ui.widget.js [REST URL parameter 2]

1.69. http://buzzya.com/wp-includes/js/jquery/ui.widget.js [REST URL parameter 3]

1.70. http://buzzya.com/wp-includes/js/l10n.js [REST URL parameter 1]

1.71. http://buzzya.com/wp-includes/js/l10n.js [REST URL parameter 2]

1.72. http://gzip.static.woot.com/App_Themes/Woot/favicon.6.ico [REST URL parameter 1]

1.73. http://gzip.static.woot.com/App_Themes/Woot/favicon.6.ico [REST URL parameter 2]

1.74. http://gzip.static.woot.com/App_Themes/Woot/favicon.6.ico [REST URL parameter 3]

1.75. http://pixel.quantserve.com/api/segments.json [REST URL parameter 1]

1.76. http://pixel.quantserve.com/api/segments.json [REST URL parameter 2]

1.77. http://r.nexac.com/e/getdata.xgi [REST URL parameter 1]

1.78. http://r.nexac.com/e/getdata.xgi [REST URL parameter 2]

1.79. http://sale.images.woot.com/Blanket_w_Sleeves_and_Booklight___2_Pack4nhThumbnail.jpg [REST URL parameter 1]

1.80. http://sale.images.woot.com/Castle_Rock_Winery_Mixed_Red_CasecrkThumbnail.jpg [REST URL parameter 1]

1.81. http://sale.images.woot.com/Criss_Angel_Street_Magic_Bundlean4Thumbnail.jpg [REST URL parameter 1]

1.82. http://sale.images.woot.com/Flip_SlideHD_16GB_Video_CameracoeStandard.jpg [REST URL parameter 1]

1.83. http://sale.images.woot.com/Franklin_Covey_Leather_Steno_Pad_Holdercx0Thumbnail.jpg [REST URL parameter 1]

1.84. http://sale.images.woot.com/Hype_USB_Tape_to_MP3_ConverterssaThumbnail.jpg [REST URL parameter 1]

1.85. http://sale.images.woot.com/Isotoner_Men_s_GloveszyvThumbnail.jpg [REST URL parameter 1]

1.86. http://sale.images.woot.com/Kanen_Earphones4txThumbnail.jpg [REST URL parameter 1]

1.87. http://sale.images.woot.com/Mystery_Science_Theater_3000__Volume_XVIII_-_4_DVD_Set46pThumbnail.jpg [REST URL parameter 1]

1.88. http://sale.images.woot.com/Polaroid_14MP_Digital_Camera_with_5x_Optical_Zoom___2_7__LCD_Screenof0Thumbnail.jpg [REST URL parameter 1]

1.89. http://sale.images.woot.com/ROK_Blocks_Preschool_Deluxe_Building_Set_by_Rokenbokh1nThumbnail.jpg [REST URL parameter 1]

1.90. http://sale.images.woot.com/Sony_Dash_Personal_Internet_Viewerqo9Thumbnail.jpg [REST URL parameter 1]

1.91. http://static.woot.com/Flash/SquareTrade/a/quoteBanner.swf [REST URL parameter 1]

1.92. http://static.woot.com/Flash/SquareTrade/a/quoteBanner.swf [REST URL parameter 2]

1.93. http://static.woot.com/Flash/SquareTrade/a/quoteBanner.swf [REST URL parameter 3]

1.94. http://static.woot.com/Flash/SquareTrade/a/quoteBanner.swf [REST URL parameter 4]

1.95. http://www.celebgossipnet.com/wp-content/themes/gossipcity/favicon.ico [REST URL parameter 1]

1.96. http://www.celebgossipnet.com/wp-content/themes/gossipcity/favicon.ico [REST URL parameter 2]

1.97. http://www.celebgossipnet.com/wp-content/themes/gossipcity/favicon.ico [REST URL parameter 3]

1.98. http://www.politicaldisgust.com/wp-includes/js/jquery/jquery.js [REST URL parameter 1]

1.99. http://www.politicaldisgust.com/wp-includes/js/jquery/jquery.js [REST URL parameter 2]

1.100. http://www.politicaldisgust.com/wp-includes/js/jquery/jquery.js [REST URL parameter 3]

1.101. http://www.thedailystew.com/_swf/slideshow.swf [REST URL parameter 1]

1.102. http://www.therugged.com/wp-content/plugins/post-expander/post-expander.js [REST URL parameter 1]

1.103. http://www.therugged.com/wp-content/plugins/post-expander/post-expander.js [REST URL parameter 2]

1.104. http://www.therugged.com/wp-content/plugins/post-expander/post-expander.js [REST URL parameter 3]

1.105. http://www.therugged.com/wp-content/plugins/sociable/sociable.css [REST URL parameter 1]

1.106. http://www.therugged.com/wp-content/plugins/sociable/sociable.css [REST URL parameter 2]

1.107. http://www.therugged.com/wp-content/plugins/sociable/sociable.css [REST URL parameter 3]

1.108. http://www.therugged.com/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 1]

1.109. http://www.therugged.com/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 2]

1.110. http://www.therugged.com/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 3]

1.111. http://www.therugged.com/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 4]

1.112. http://www.therugged.com/wp-includes/js/jquery/jquery.js [REST URL parameter 1]

1.113. http://www.therugged.com/wp-includes/js/jquery/jquery.js [REST URL parameter 2]

1.114. http://www.therugged.com/wp-includes/js/jquery/jquery.js [REST URL parameter 3]

1.115. http://www.wunderground.com/dotunset.php [REST URL parameter 1]

1. XML injection
There are 115 instances of this issue:

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose that the relevant input serves within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: &lt; and &gt;.


1.1. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.0.mybcdna.com
Path:   /JavaScript/apps/HomeBeforeLogin/hblv2.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /JavaScript]]>>/apps/HomeBeforeLogin/hblv2.js?64244 HTTP/1.1
Host: assets.0.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:45:45 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:15:45 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.2. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.0.mybcdna.com
Path:   /JavaScript/apps/HomeBeforeLogin/hblv2.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /JavaScript/apps]]>>/HomeBeforeLogin/hblv2.js?64244 HTTP/1.1
Host: assets.0.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:45:46 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:15:46 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.3. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.0.mybcdna.com
Path:   /JavaScript/apps/HomeBeforeLogin/hblv2.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /JavaScript/apps/HomeBeforeLogin]]>>/hblv2.js?64244 HTTP/1.1
Host: assets.0.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:45:47 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:15:47 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.4. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.0.mybcdna.com
Path:   /JavaScript/apps/HomeBeforeLogin/hblv2.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /JavaScript/apps/HomeBeforeLogin/hblv2.js]]>>?64244 HTTP/1.1
Host: assets.0.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:45:48 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.5. http://assets.2.mybcdna.com//images/favicon.ico [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.2.mybcdna.com
Path:   //images/favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET //images]]>>/favicon.ico HTTP/1.1
Host: assets.2.mybcdna.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:57:22 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:27:22 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.6. http://assets.2.mybcdna.com//images/favicon.ico [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.2.mybcdna.com
Path:   //images/favicon.ico

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET //images/favicon.ico]]>> HTTP/1.1
Host: assets.2.mybcdna.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:57:23 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.7. http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.2.mybcdna.com
Path:   /css/apps/HomeBeforeLogin/hblv2.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /css]]>>/apps/HomeBeforeLogin/hblv2.css?64244 HTTP/1.1
Host: assets.2.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:45:27 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:15:27 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.8. http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.2.mybcdna.com
Path:   /css/apps/HomeBeforeLogin/hblv2.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /css/apps]]>>/HomeBeforeLogin/hblv2.css?64244 HTTP/1.1
Host: assets.2.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:45:27 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:15:27 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.9. http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.2.mybcdna.com
Path:   /css/apps/HomeBeforeLogin/hblv2.css

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /css/apps/HomeBeforeLogin]]>>/hblv2.css?64244 HTTP/1.1
Host: assets.2.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:45:28 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:15:28 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.10. http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.2.mybcdna.com
Path:   /css/apps/HomeBeforeLogin/hblv2.css

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /css/apps/HomeBeforeLogin/hblv2.css]]>>?64244 HTTP/1.1
Host: assets.2.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:45:29 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.11. http://assets.2.mybcdna.com/images/HomeBeforeLogin/background_content.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.2.mybcdna.com
Path:   /images/HomeBeforeLogin/background_content.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images]]>>/HomeBeforeLogin/background_content.png?1 HTTP/1.1
Host: assets.2.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:53:40 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:23:40 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.12. http://assets.2.mybcdna.com/images/HomeBeforeLogin/background_content.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.2.mybcdna.com
Path:   /images/HomeBeforeLogin/background_content.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/HomeBeforeLogin]]>>/background_content.png?1 HTTP/1.1
Host: assets.2.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:53:41 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:23:41 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.13. http://assets.2.mybcdna.com/images/HomeBeforeLogin/background_content.png [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.2.mybcdna.com
Path:   /images/HomeBeforeLogin/background_content.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/HomeBeforeLogin/background_content.png]]>>?1 HTTP/1.1
Host: assets.2.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:53:41 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.14. http://assets.2.mybcdna.com/images/Navbar/default_sprite.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.2.mybcdna.com
Path:   /images/Navbar/default_sprite.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images]]>>/Navbar/default_sprite.png?3 HTTP/1.1
Host: assets.2.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:51:33 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:21:33 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.15. http://assets.2.mybcdna.com/images/Navbar/default_sprite.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.2.mybcdna.com
Path:   /images/Navbar/default_sprite.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/Navbar]]>>/default_sprite.png?3 HTTP/1.1
Host: assets.2.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:51:34 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:21:34 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.16. http://assets.2.mybcdna.com/images/Navbar/default_sprite.png [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.2.mybcdna.com
Path:   /images/Navbar/default_sprite.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/Navbar/default_sprite.png]]>>?3 HTTP/1.1
Host: assets.2.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:51:35 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.17. http://assets.2.mybcdna.com/images/gradient_sprite.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.2.mybcdna.com
Path:   /images/gradient_sprite.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images]]>>/gradient_sprite.png?3 HTTP/1.1
Host: assets.2.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:51:17 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:21:17 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.18. http://assets.2.mybcdna.com/images/gradient_sprite.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.2.mybcdna.com
Path:   /images/gradient_sprite.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/gradient_sprite.png]]>>?3 HTTP/1.1
Host: assets.2.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:51:18 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.19. http://assets.2.mybcdna.com/images/header_sprite.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.2.mybcdna.com
Path:   /images/header_sprite.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images]]>>/header_sprite.png?3 HTTP/1.1
Host: assets.2.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:51:15 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:21:15 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.20. http://assets.2.mybcdna.com/images/header_sprite.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.2.mybcdna.com
Path:   /images/header_sprite.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/header_sprite.png]]>>?3 HTTP/1.1
Host: assets.2.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:51:15 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.100.10.31
Accept-Ranges: bytes
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.21. http://assets.mybcdna.com/css/apps/tGoogleAds.css [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.mybcdna.com
Path:   /css/apps/tGoogleAds.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /css]]>>/apps/tGoogleAds.css?64244 HTTP/1.1
Host: assets.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:45:28 GMT
Server: lighttpd/1.4.19
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:15:28 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.22. http://assets.mybcdna.com/css/apps/tGoogleAds.css [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.mybcdna.com
Path:   /css/apps/tGoogleAds.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /css/apps]]>>/tGoogleAds.css?64244 HTTP/1.1
Host: assets.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:45:29 GMT
Server: lighttpd/1.4.19
Accept-Ranges: bytes
Cache-Control: private, max-age=1800
Age: 0
Expires: Sun, 20 Mar 2011 13:15:29 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.23. http://assets.mybcdna.com/css/apps/tGoogleAds.css [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://assets.mybcdna.com
Path:   /css/apps/tGoogleAds.css

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /css/apps/tGoogleAds.css]]>>?64244 HTTP/1.1
Host: assets.mybcdna.com
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:45:30 GMT
Server: lighttpd/1.4.19
Accept-Ranges: bytes
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-CDN: Cotendo
Connection: Keep-Alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.24. http://buzzya.com/wp-content/plugins/contact-form-7/scripts.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/contact-form-7/scripts.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content]]>>/plugins/contact-form-7/scripts.js?ver=2.4.4 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:01 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.25. http://buzzya.com/wp-content/plugins/contact-form-7/scripts.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/contact-form-7/scripts.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins]]>>/contact-form-7/scripts.js?ver=2.4.4 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:03 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.26. http://buzzya.com/wp-content/plugins/contact-form-7/scripts.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/contact-form-7/scripts.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/contact-form-7]]>>/scripts.js?ver=2.4.4 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:04 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.27. http://buzzya.com/wp-content/plugins/contact-form-7/styles.css [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/contact-form-7/styles.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content]]>>/plugins/contact-form-7/styles.css?ver=2.4.4 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:03 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.28. http://buzzya.com/wp-content/plugins/contact-form-7/styles.css [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/contact-form-7/styles.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins]]>>/contact-form-7/styles.css?ver=2.4.4 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:04 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.29. http://buzzya.com/wp-content/plugins/contact-form-7/styles.css [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/contact-form-7/styles.css

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/contact-form-7]]>>/styles.css?ver=2.4.4 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:06 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.30. http://buzzya.com/wp-content/plugins/jquery-image-lazy-loading/javascripts/jquery.lazyload.mini.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/jquery-image-lazy-loading/javascripts/jquery.lazyload.mini.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content]]>>/plugins/jquery-image-lazy-loading/javascripts/jquery.lazyload.mini.js?ver=1.5.0 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:42 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.31. http://buzzya.com/wp-content/plugins/jquery-image-lazy-loading/javascripts/jquery.lazyload.mini.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/jquery-image-lazy-loading/javascripts/jquery.lazyload.mini.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins]]>>/jquery-image-lazy-loading/javascripts/jquery.lazyload.mini.js?ver=1.5.0 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:43 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.32. http://buzzya.com/wp-content/plugins/jquery-image-lazy-loading/javascripts/jquery.lazyload.mini.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/jquery-image-lazy-loading/javascripts/jquery.lazyload.mini.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/jquery-image-lazy-loading]]>>/javascripts/jquery.lazyload.mini.js?ver=1.5.0 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:44 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.33. http://buzzya.com/wp-content/plugins/jquery-image-lazy-loading/javascripts/jquery.lazyload.mini.js [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/jquery-image-lazy-loading/javascripts/jquery.lazyload.mini.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/jquery-image-lazy-loading/javascripts]]>>/jquery.lazyload.mini.js?ver=1.5.0 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:45 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.34. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.bgiframe.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/js/jquery.bgiframe.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content]]>>/plugins/lightbox-gallery/js/jquery.bgiframe.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:36 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.35. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.bgiframe.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/js/jquery.bgiframe.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins]]>>/lightbox-gallery/js/jquery.bgiframe.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:37 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.36. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.bgiframe.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/js/jquery.bgiframe.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/lightbox-gallery]]>>/js/jquery.bgiframe.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:39 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.37. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.bgiframe.js [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/js/jquery.bgiframe.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/lightbox-gallery/js]]>>/jquery.bgiframe.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:40 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.38. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.dimensions.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/js/jquery.dimensions.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content]]>>/plugins/lightbox-gallery/js/jquery.dimensions.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:21 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.39. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.dimensions.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/js/jquery.dimensions.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins]]>>/lightbox-gallery/js/jquery.dimensions.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:22 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.40. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.dimensions.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/js/jquery.dimensions.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/lightbox-gallery]]>>/js/jquery.dimensions.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:24 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.41. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.dimensions.js [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/js/jquery.dimensions.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/lightbox-gallery/js]]>>/jquery.dimensions.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:26 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.42. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.lightbox.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/js/jquery.lightbox.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content]]>>/plugins/lightbox-gallery/js/jquery.lightbox.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:16:57 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.43. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.lightbox.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/js/jquery.lightbox.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins]]>>/lightbox-gallery/js/jquery.lightbox.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:16:59 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.44. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.lightbox.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/js/jquery.lightbox.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/lightbox-gallery]]>>/js/jquery.lightbox.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:00 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.45. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.lightbox.js [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/js/jquery.lightbox.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/lightbox-gallery/js]]>>/jquery.lightbox.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:02 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.46. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.tooltip.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/js/jquery.tooltip.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content]]>>/plugins/lightbox-gallery/js/jquery.tooltip.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:48 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.47. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.tooltip.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/js/jquery.tooltip.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins]]>>/lightbox-gallery/js/jquery.tooltip.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:49 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.48. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.tooltip.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/js/jquery.tooltip.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/lightbox-gallery]]>>/js/jquery.tooltip.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:50 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.49. http://buzzya.com/wp-content/plugins/lightbox-gallery/js/jquery.tooltip.js [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/js/jquery.tooltip.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/lightbox-gallery/js]]>>/jquery.tooltip.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:51 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.50. http://buzzya.com/wp-content/plugins/lightbox-gallery/lightbox-gallery.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/lightbox-gallery.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content]]>>/plugins/lightbox-gallery/lightbox-gallery.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:54 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.51. http://buzzya.com/wp-content/plugins/lightbox-gallery/lightbox-gallery.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/lightbox-gallery.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins]]>>/lightbox-gallery/lightbox-gallery.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:55 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.52. http://buzzya.com/wp-content/plugins/lightbox-gallery/lightbox-gallery.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/plugins/lightbox-gallery/lightbox-gallery.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/lightbox-gallery]]>>/lightbox-gallery.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:17:56 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.53. http://buzzya.com/wp-content/themes/buzzya/js/tabbed-widget.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/themes/buzzya/js/tabbed-widget.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content]]>>/themes/buzzya/js/tabbed-widget.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:41 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.54. http://buzzya.com/wp-content/themes/buzzya/js/tabbed-widget.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/themes/buzzya/js/tabbed-widget.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/themes]]>>/buzzya/js/tabbed-widget.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:42 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.55. http://buzzya.com/wp-content/themes/buzzya/js/tabbed-widget.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/themes/buzzya/js/tabbed-widget.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/themes/buzzya]]>>/js/tabbed-widget.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:43 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.56. http://buzzya.com/wp-content/themes/buzzya/js/tabbed-widget.js [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/themes/buzzya/js/tabbed-widget.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/themes/buzzya/js]]>>/tabbed-widget.js?ver=3.1 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:45 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.57. http://buzzya.com/wp-content/uploads/2010/08/favicon.ico [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/uploads/2010/08/favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content]]>>/uploads/2010/08/favicon.ico HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925; __utmz=24476457.1300626387.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24476457.1786877450.1300626387.1300626387.1300626387.1; __utmc=24476457; __utmb=24476457.1.10.1300626387

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:23:10 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.58. http://buzzya.com/wp-content/uploads/2010/08/favicon.ico [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/uploads/2010/08/favicon.ico

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/uploads]]>>/2010/08/favicon.ico HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925; __utmz=24476457.1300626387.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24476457.1786877450.1300626387.1300626387.1300626387.1; __utmc=24476457; __utmb=24476457.1.10.1300626387

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:23:11 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.59. http://buzzya.com/wp-content/uploads/2010/08/favicon.ico [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/uploads/2010/08/favicon.ico

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/uploads/2010]]>>/08/favicon.ico HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925; __utmz=24476457.1300626387.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24476457.1786877450.1300626387.1300626387.1300626387.1; __utmc=24476457; __utmb=24476457.1.10.1300626387

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:23:12 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.60. http://buzzya.com/wp-content/uploads/2010/08/favicon.ico [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-content/uploads/2010/08/favicon.ico

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/uploads/2010/08]]>>/favicon.ico HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-506720853-1300626383925; __utmz=24476457.1300626387.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24476457.1786877450.1300626387.1300626387.1300626387.1; __utmc=24476457; __utmb=24476457.1.10.1300626387

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:23:14 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.61. http://buzzya.com/wp-includes/js/jquery/ui.core.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-includes/js/jquery/ui.core.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes]]>>/js/jquery/ui.core.js?ver=1.8.9 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:34 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.62. http://buzzya.com/wp-includes/js/jquery/ui.core.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-includes/js/jquery/ui.core.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes/js]]>>/jquery/ui.core.js?ver=1.8.9 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:35 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.63. http://buzzya.com/wp-includes/js/jquery/ui.core.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-includes/js/jquery/ui.core.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes/js/jquery]]>>/ui.core.js?ver=1.8.9 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:36 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.64. http://buzzya.com/wp-includes/js/jquery/ui.tabs.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-includes/js/jquery/ui.tabs.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes]]>>/js/jquery/ui.tabs.js?ver=1.8.9 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:44 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.65. http://buzzya.com/wp-includes/js/jquery/ui.tabs.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-includes/js/jquery/ui.tabs.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes/js]]>>/jquery/ui.tabs.js?ver=1.8.9 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:45 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.66. http://buzzya.com/wp-includes/js/jquery/ui.tabs.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-includes/js/jquery/ui.tabs.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes/js/jquery]]>>/ui.tabs.js?ver=1.8.9 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:46 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.67. http://buzzya.com/wp-includes/js/jquery/ui.widget.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-includes/js/jquery/ui.widget.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes]]>>/js/jquery/ui.widget.js?ver=1.8.9 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:17 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.68. http://buzzya.com/wp-includes/js/jquery/ui.widget.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-includes/js/jquery/ui.widget.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes/js]]>>/jquery/ui.widget.js?ver=1.8.9 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:18 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.69. http://buzzya.com/wp-includes/js/jquery/ui.widget.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-includes/js/jquery/ui.widget.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes/js/jquery]]>>/ui.widget.js?ver=1.8.9 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:20 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.70. http://buzzya.com/wp-includes/js/l10n.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-includes/js/l10n.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes]]>>/js/l10n.js?ver=20101110 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:17 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.71. http://buzzya.com/wp-includes/js/l10n.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://buzzya.com
Path:   /wp-includes/js/l10n.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes/js]]>>/l10n.js?ver=20101110 HTTP/1.1
Host: buzzya.com
Proxy-Connection: keep-alive
Referer: http://buzzya.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:18 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.72. http://gzip.static.woot.com/App_Themes/Woot/favicon.6.ico [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://gzip.static.woot.com
Path:   /App_Themes/Woot/favicon.6.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /App_Themes]]>>/Woot/favicon.6.ico HTTP/1.1
Host: gzip.static.woot.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.1; __utmc=87498951; __utmb=87498951.2.10.1300624488

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 7B78527775826559
x-amz-id-2: hoEfAP8cCwVKyQ0sjSWmMv7x2PyA5P6j9Tvy+1UXKe8JRJUr+0xN8H0IO6rDWpTO
Content-Type: application/xml
Date: Sun, 20 Mar 2011 13:00:00 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 9b735d9601ba2d0014bafa4d720f16eca31e951a1fd1660680dad9a9b8a0a94e30d14f5f158e1b8c
Via: 1.0 3829a1a874577a8522a3746a03714c50.cloudfront.net:11180 (CloudFront), 1.0 31e244a2756e3cfcf746c72350ec39fd.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7B78527775826559</RequestId><HostId>hoEfAP8cCwVKyQ0sjSWmMv7x2PyA5P6j9Tvy+1UXKe8JRJUr+0
...[SNIP]...

1.73. http://gzip.static.woot.com/App_Themes/Woot/favicon.6.ico [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://gzip.static.woot.com
Path:   /App_Themes/Woot/favicon.6.ico

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /App_Themes/Woot]]>>/favicon.6.ico HTTP/1.1
Host: gzip.static.woot.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.1; __utmc=87498951; __utmb=87498951.2.10.1300624488

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8ECF53ACAFDFD123
x-amz-id-2: 2RgEwENZoOLRRtTdwOjDqYo4IyFdKEZKJ1wPXsl7pmlJmqiida5Sw+uGHrXRiXRk
Content-Type: application/xml
Date: Sun, 20 Mar 2011 13:00:02 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 20807fc17cf7c57ea96ddbaa08e7ab0eb399b2fb6d7ba2cc489198a29133f40a5bdbe78283dc103c
Via: 1.0 8a8618213617600186ecf6bd4987d76d.cloudfront.net:11180 (CloudFront), 1.0 31e244a2756e3cfcf746c72350ec39fd.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8ECF53ACAFDFD123</RequestId><HostId>2RgEwENZoOLRRtTdwOjDqYo4IyFdKEZKJ1wPXsl7pmlJmqiida
...[SNIP]...

1.74. http://gzip.static.woot.com/App_Themes/Woot/favicon.6.ico [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://gzip.static.woot.com
Path:   /App_Themes/Woot/favicon.6.ico

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /App_Themes/Woot/favicon.6.ico]]>> HTTP/1.1
Host: gzip.static.woot.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.1; __utmc=87498951; __utmb=87498951.2.10.1300624488

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 944287B0B400C4ED
x-amz-id-2: T40uuVJNeDXv2K4SWRYO0mv4ylOLx+lOXbQ3rEsnL0jBvvLN/iIx9NO1H7p1pIwv
Content-Type: application/xml
Date: Sun, 20 Mar 2011 13:00:03 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 503ec93e70e320ef30ccda32390b5212873837fff0f3da8820ffd77eedcb71659cc8f3ded6582d70
Via: 1.0 5f02c7af98f67d83dfbaa8f16a4a1dc2.cloudfront.net:11180 (CloudFront), 1.0 31e244a2756e3cfcf746c72350ec39fd.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>944287B0B400C4ED</RequestId><HostId>T40uuVJNeDXv2K4SWRYO0mv4ylOLx+lOXbQ3rEsnL0jBvvLN/i
...[SNIP]...
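
A caveat on the findings above, which the report itself marks Tentative. Every 404 in this section carries the same 345-byte XHTML error page, served as text/html, whose first line is the `<?xml` declaration that XHTML documents begin with; and the three S3 responses are the bucket's standard `<Error><Code>AccessDenied</Code>` document, served as application/xml, which S3 returns for any key the caller is not permitted to read. Nothing in either body refers to the payload, so neither shows that a server-side parser consumed it. The practical check is to replay each request with a benign change to the same URL segment and diff the two responses: no differential means no evidence. The block below is an added example, not part of the report; its sample responses are constructed to resemble the evidence above (not copied from any site), and the classification rules are its own heuristics:

```python
"""Triage for scanner 'XML injection' hits like the ones in this report.

Added example, not part of the XSS.CX report. The responses below are constructed
to resemble the report's evidence (a fixed-size XHTML 404 page served as text/html
and an S3 AccessDenied document served as application/xml); they are not copied
from any site. The classification rules are this example's own heuristics.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Response:
    status: int
    content_type: str
    body: str


# Text that real XML/SOAP parsers put in error responses when a document is malformed.
PARSER_ERROR_MARKERS = (
    "not well-formed",
    "XML parsing error",
    "SAXParseException",
    "System.Xml.XmlException",
    "XMLSyntaxError",
    "MalformedXML",
    "<soap:Fault",
)

# Well-formed XML error documents about the *object*, not about parsing the request.
STORAGE_ERROR_CODES = {"AccessDenied", "NoSuchKey", "NoSuchBucket"}


def classify(baseline: Response, probe: Response, payload: str) -> str:
    """Explain what an 'XML in the response' heuristic actually saw.

    baseline: same request with a harmless change to the same URL segment
    probe:    the request carrying the scanner's payload (here ']]>>')
    """
    # 1. Vocabulary from a real parser failure is the only strong positive signal.
    if any(marker in probe.body for marker in PARSER_ERROR_MARKERS):
        return "parser-error"

    # 2. No differential: both paths were rejected the same way before any XML
    #    handling could occur. An XML prolog in a text/html body belongs to the
    #    XHTML error page itself, not to a parser error.
    if (baseline.status, baseline.content_type, baseline.body) == (
        probe.status, probe.content_type, probe.body
    ):
        if probe.content_type.startswith("text/html") and "<?xml" in probe.body:
            return "xhtml-prolog"
        return "no-differential"

    # 3. XML body from an object store or CDN naming an access/key error, with the
    #    payload nowhere in the message: the store never parsed the payload as XML.
    if probe.content_type.startswith(("application/xml", "text/xml")):
        code = re.search(r"<Code>([A-Za-z]+)</Code>", probe.body)
        if code and code.group(1) in STORAGE_ERROR_CODES and payload not in probe.body:
            return "storage-error-xml"

    return "unknown-differential"  # worth a manual look


# --- constructed samples -------------------------------------------------------

XHTML_404 = (
    '<?xml version="1.0" encoding="iso-8859-1"?>\n'
    '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"\n'
    '"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">\n'
    '<html xmlns="http://www.w3.org/1999/xhtml"><head><title>404 - Not Found</title>'
    "</head><body><h1>404 - Not Found</h1></body></html>\n"
)


def s3_access_denied(request_id: str) -> str:
    # Constructed S3-style error document; only the request id varies between calls.
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        "<Error><Code>AccessDenied</Code><Message>Access Denied</Message>"
        f"<RequestId>{request_id}</RequestId><HostId>constructed</HostId></Error>"
    )


# Constructed: what a backend that really spliced the segment into SOAP might return.
SOAP_FAULT = (
    '<?xml version="1.0"?>'
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>'
    "<soap:Fault><faultcode>soap:Client</faultcode>"
    "<faultstring>XML parsing error: not well-formed (invalid token)</faultstring>"
    "</soap:Fault></soap:Body></soap:Envelope>"
)


def triage_samples(payload: str = "]]>>") -> dict:
    """Run the three constructed cases through classify()."""
    return {
        "apache_404": classify(
            Response(404, "text/html", XHTML_404),
            Response(404, "text/html", XHTML_404), payload),
        "s3_403": classify(
            Response(403, "application/xml", s3_access_denied("CONSTRUCTED0001")),
            Response(403, "application/xml", s3_access_denied("CONSTRUCTED0002")), payload),
        "soap_fault": classify(
            Response(404, "text/html", XHTML_404),
            Response(500, "text/xml", SOAP_FAULT), payload),
    }


if __name__ == "__main__":
    for name, verdict in triage_samples().items():
        print(f"{name:12s} -> {verdict}")   # xhtml-prolog, storage-error-xml, parser-error
```

Only the `parser-error` verdict supports the report's claim; `xhtml-prolog` and `storage-error-xml` describe what the Apache/lighttpd 404s and the S3 403s in this section look like, and `unknown-differential` is the queue for manual review. Whatever tool produced the finding, the baseline-versus-probe comparison is the step that separates an instrumented parser failure from an error page that happens to start with `<?xml`.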

1.75. http://pixel.quantserve.com/api/segments.json [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://pixel.quantserve.com
Path:   /api/segments.json

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /api]]>>/segments.json?a=p-94wNw88f65Rhk&callback=mtvn.btg.reporting.QuantCast.Ads.setCookieDemoTargetVal HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d5af335-78cce-d894f-1b47b; d=ED0ACM45slEBtwEBqAaB9gwZrRw4leEHALo7KcQeXh0kiCwQDKobQOMADTDjAPtbLRAg7Cot4ZIxAhCRAAQQK7MaKh8nQTJcJNJQMkGYPCL0soVQyheXoS0wDakg0uObHS-R4tVgAA

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 345
Date: Sun, 20 Mar 2011 12:34:19 GMT
Server: QS

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.76. http://pixel.quantserve.com/api/segments.json [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://pixel.quantserve.com
Path:   /api/segments.json

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /api/segments.json]]>>?a=p-94wNw88f65Rhk&callback=mtvn.btg.reporting.QuantCast.Ads.setCookieDemoTargetVal HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.shockwave.com/home.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d5af335-78cce-d894f-1b47b; d=ED0ACM45slEBtwEBqAaB9gwZrRw4leEHALo7KcQeXh0kiCwQDKobQOMADTDjAPtbLRAg7Cot4ZIxAhCRAAQQK7MaKh8nQTJcJNJQMkGYPCL0soVQyheXoS0wDakg0uObHS-R4tVgAA

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 345
Date: Sun, 20 Mar 2011 12:34:19 GMT
Server: QS

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.77. http://r.nexac.com/e/getdata.xgi [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://r.nexac.com
Path:   /e/getdata.xgi

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /e]]>>/getdata.xgi?dt=br&pkey=xkeii93kdn349&reppipe=,&edr=off&repequal=_&ru=http%3A%2F%2Fa.collective-media.net%2Fdatapair%3Fnet%3Dna%26pasv%3D0%26id%3D%3Cna_id%3E%26pid%3D%3Cna_mp%3E%26segs%3D%3Cna_da%3E HTTP/1.1
Host: r.nexac.com
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1//ATCI=1297806090-11017856
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801i4e0ADNVY; na_id=2011030211314518281421320827; na_ps=1; na_tc=Y

Response

HTTP/1.1 404 Not Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:34:52 GMT
Server: lighttpd/1.4.18

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.78. http://r.nexac.com/e/getdata.xgi [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://r.nexac.com
Path:   /e/getdata.xgi

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /e/getdata.xgi]]>>?dt=br&pkey=xkeii93kdn349&reppipe=,&edr=off&repequal=_&ru=http%3A%2F%2Fa.collective-media.net%2Fdatapair%3Fnet%3Dna%26pasv%3D0%26id%3D%3Cna_id%3E%26pid%3D%3Cna_mp%3E%26segs%3D%3Cna_da%3E HTTP/1.1
Host: r.nexac.com
Proxy-Connection: keep-alive
Referer: http://viacom.adbureau.net/AFTRSERVER/hserver//height=250/width=300/site=SW.NOL/aamsz=300X250/NCP=1//ATCI=1297806090-11017856
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW801i4e0ADNVY; na_id=2011030211314518281421320827; na_ps=1; na_tc=Y

Response

HTTP/1.1 404 Not Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:34:55 GMT
Server: lighttpd/1.4.18

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.79. http://sale.images.woot.com/Blanket_w_Sleeves_and_Booklight___2_Pack4nhThumbnail.jpg [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://sale.images.woot.com
Path:   /Blanket_w_Sleeves_and_Booklight___2_Pack4nhThumbnail.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /Blanket_w_Sleeves_and_Booklight___2_Pack4nhThumbnail.jpg]]>> HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 58F8B7E5068E761F
x-amz-id-2: Z5cpoTWJvqhaJUGF0GqwdWuSjbJ0qkO1hspFWJBobqU1hly2kHjaq0bPhLhGVEGp
Content-Type: application/xml
Date: Sun, 20 Mar 2011 13:46:20 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 1d44c000bce29ecb5d69350f0cd56ce1a2fc5379517a4e0a1a8e7b0ffe3624616824ce717e968b05
Via: 1.0 b65f5fd32e96f191273c362476853f01.cloudfront.net:11180 (CloudFront), 1.0 4f04a95a9979d0e7d13e48bf3a096c13.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>58F8B7E5068E761F</RequestId><HostId>Z5cpoTWJvqhaJUGF0GqwdWuSjbJ0qkO1hspFWJBobqU1hly2kH
...[SNIP]...

1.80. http://sale.images.woot.com/Castle_Rock_Winery_Mixed_Red_CasecrkThumbnail.jpg [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://sale.images.woot.com
Path:   /Castle_Rock_Winery_Mixed_Red_CasecrkThumbnail.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /Castle_Rock_Winery_Mixed_Red_CasecrkThumbnail.jpg]]>> HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 47C766DCD9F5A899
x-amz-id-2: QUy2i/HeLn7UOT+4JcrVwQeFvpCtEyAzwfwEFtlYhCDpq3tSYPeqHOA6+MvjPd+R
Content-Type: application/xml
Date: Sun, 20 Mar 2011 12:35:40 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4513f2af767ef07754be42ef946c9b7e6b06d806f1fc6b6a987a85ea6bb9d299cd781519536145a8
Via: 1.0 36eac20498fac4ca8a7c83ef56b27396.cloudfront.net:11180 (CloudFront), 1.0 e45b1f1e171044cf488be122ea3ff12a.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>47C766DCD9F5A899</RequestId><HostId>QUy2i/HeLn7UOT+4JcrVwQeFvpCtEyAzwfwEFtlYhCDpq3tSYP
...[SNIP]...

1.81. http://sale.images.woot.com/Criss_Angel_Street_Magic_Bundlean4Thumbnail.jpg [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://sale.images.woot.com
Path:   /Criss_Angel_Street_Magic_Bundlean4Thumbnail.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /Criss_Angel_Street_Magic_Bundlean4Thumbnail.jpg]]>> HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A77E8FCCBF26209A
x-amz-id-2: woRjjPM4Xz+bqx/ru5xBQwXFiVZlGt8Klgq/JoNRFwisMLcVEr2Bq5x6ow+IsV4j
Content-Type: application/xml
Date: Sun, 20 Mar 2011 13:43:01 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 641c1383c9c6563d11de0403a8171d225333e9f6b5d0e9206d8c57cadcb600e408a148e9bf99801e
Via: 1.0 a66b66777bcb1327d43930e7cba65de8.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A77E8FCCBF26209A</RequestId><HostId>woRjjPM4Xz+bqx/ru5xBQwXFiVZlGt8Klgq/JoNRFwisMLcVEr
...[SNIP]...

1.82. http://sale.images.woot.com/Flip_SlideHD_16GB_Video_CameracoeStandard.jpg [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://sale.images.woot.com
Path:   /Flip_SlideHD_16GB_Video_CameracoeStandard.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /Flip_SlideHD_16GB_Video_CameracoeStandard.jpg]]>> HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4F188B4ACA5E097E
x-amz-id-2: R1DvaG+E1iJTHsPcKS2SiMECG1zjnHbkXauiHippO8LeR4igpD/ttGpsTFFZYvTd
Content-Type: application/xml
Date: Sun, 20 Mar 2011 12:35:31 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: dd9db230f00ad42b0b40e02b8eecce08f265f8b572ad904c8d5052da82220ead056c398a7eb9c29f
Via: 1.0 ecf6abe40feed656b4a0843263468b70.cloudfront.net:11180 (CloudFront), 1.0 e45b1f1e171044cf488be122ea3ff12a.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4F188B4ACA5E097E</RequestId><HostId>R1DvaG+E1iJTHsPcKS2SiMECG1zjnHbkXauiHippO8LeR4igpD
...[SNIP]...

1.83. http://sale.images.woot.com/Franklin_Covey_Leather_Steno_Pad_Holdercx0Thumbnail.jpg [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://sale.images.woot.com
Path:   /Franklin_Covey_Leather_Steno_Pad_Holdercx0Thumbnail.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /Franklin_Covey_Leather_Steno_Pad_Holdercx0Thumbnail.jpg]]>> HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8DCBA69477C89674
x-amz-id-2: UDw3Bb4atePehaupdCuKH3zgDGodD4YzvyMOzha1yTxFm+hKzaqA69tOco8QI/jQ
Content-Type: application/xml
Date: Sun, 20 Mar 2011 13:43:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b4f9c87ba424ca3d02ec0dc3ff5749cb281921fb566271c2e5369dbebb9396ccd3dcdb84c144c108
Via: 1.0 36eac20498fac4ca8a7c83ef56b27396.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8DCBA69477C89674</RequestId><HostId>UDw3Bb4atePehaupdCuKH3zgDGodD4YzvyMOzha1yTxFm+hKza
...[SNIP]...

1.84. http://sale.images.woot.com/Hype_USB_Tape_to_MP3_ConverterssaThumbnail.jpg [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://sale.images.woot.com
Path:   /Hype_USB_Tape_to_MP3_ConverterssaThumbnail.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /Hype_USB_Tape_to_MP3_ConverterssaThumbnail.jpg]]>> HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: EBC8C9D1F1167BA6
x-amz-id-2: n0t53ZF8Hu9BMMGNzqi+dlRayV68ujdoPukqewLYc0qK40zfrT00QqpXNVfSUcbH
Content-Type: application/xml
Date: Sun, 20 Mar 2011 13:43:16 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0fc97607de070035e193c5de55c481924b25e92baedfe29a70c4189fcabd2b051f9618ff61115f43
Via: 1.0 86123d99569c9296c8605243e9a10621.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>EBC8C9D1F1167BA6</RequestId><HostId>n0t53ZF8Hu9BMMGNzqi+dlRayV68ujdoPukqewLYc0qK40zfrT
...[SNIP]...

1.85. http://sale.images.woot.com/Isotoner_Men_s_GloveszyvThumbnail.jpg [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://sale.images.woot.com
Path:   /Isotoner_Men_s_GloveszyvThumbnail.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /Isotoner_Men_s_GloveszyvThumbnail.jpg]]>> HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 859A85CA85C6F425
x-amz-id-2: Aai54q7E9oxTaMVA7Ha663pcGpNEccwI3ZYdD6uyZm8Qx74Tyr4D46LaC83TSBEM
Content-Type: application/xml
Date: Sun, 20 Mar 2011 13:46:00 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0060517ef400fc0ce264b8b0e9f61391b73eb2d004ea7ca998537b9aeb1ba89adc6ff91317d429ce
Via: 1.0 c249a854d569f0b1bebd71559fc52858.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>859A85CA85C6F425</RequestId><HostId>Aai54q7E9oxTaMVA7Ha663pcGpNEccwI3ZYdD6uyZm8Qx74Tyr
...[SNIP]...

1.86. http://sale.images.woot.com/Kanen_Earphones4txThumbnail.jpg [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://sale.images.woot.com
Path:   /Kanen_Earphones4txThumbnail.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /Kanen_Earphones4txThumbnail.jpg]]>> HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 7622154BC127D22C
x-amz-id-2: KDuWiE7N5NH8S7Nhg0GWT9Kk7JopUqJxcA3i6/sxl4sgU1NSRN1clJf0IVhYb2Cs
Content-Type: application/xml
Date: Sun, 20 Mar 2011 13:43:03 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7511b85a5dc6f3c27d8b488725bf23c5ef0068e9afc0a141864763470f5193a775d592e5cd5b2cb6
Via: 1.0 692c975fab617742d287dbc89a9d21c8.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7622154BC127D22C</RequestId><HostId>KDuWiE7N5NH8S7Nhg0GWT9Kk7JopUqJxcA3i6/sxl4sgU1NSRN
...[SNIP]...

1.87. http://sale.images.woot.com/Mystery_Science_Theater_3000__Volume_XVIII_-_4_DVD_Set46pThumbnail.jpg [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://sale.images.woot.com
Path:   /Mystery_Science_Theater_3000__Volume_XVIII_-_4_DVD_Set46pThumbnail.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /Mystery_Science_Theater_3000__Volume_XVIII_-_4_DVD_Set46pThumbnail.jpg]]>> HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D579E01836859DD9
x-amz-id-2: m/2QoXs/JJgA5ucCEGXGWmm8GQNQAP8uIa9PHKiqQicNLVNtCjlCumvAKpq7DjZx
Content-Type: application/xml
Date: Sun, 20 Mar 2011 13:42:50 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 8c481e08d4222b12fea968e31aae6b9ef7dc947860b0b27391ceba77e729eaf05c22664e3557ea2d
Via: 1.0 c249a854d569f0b1bebd71559fc52858.cloudfront.net:11180 (CloudFront), 1.0 bb70de28fb8ad22473a6722e58d74965.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D579E01836859DD9</RequestId><HostId>m/2QoXs/JJgA5ucCEGXGWmm8GQNQAP8uIa9PHKiqQicNLVNtCj
...[SNIP]...

1.88. http://sale.images.woot.com/Polaroid_14MP_Digital_Camera_with_5x_Optical_Zoom___2_7__LCD_Screenof0Thumbnail.jpg [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://sale.images.woot.com
Path:   /Polaroid_14MP_Digital_Camera_with_5x_Optical_Zoom___2_7__LCD_Screenof0Thumbnail.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /Polaroid_14MP_Digital_Camera_with_5x_Optical_Zoom___2_7__LCD_Screenof0Thumbnail.jpg]]>> HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/Forums/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224; __utmz=87498951.1300624488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87498951.137914016.1300624488.1300624488.1300624488.2; __utmc=87498951; __utmb=87498951.2.10.1300624488; __unam=b76efe6-12ed3745547-4621ae62-1

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 14472329B881BB65
x-amz-id-2: qBuEu5m9aWvRvIpdjrg6P/RrJSG8S4/074kgEWH6zf81qOTKvAWe3PZ+tp2G745k
Content-Type: application/xml
Date: Sun, 20 Mar 2011 13:46:21 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: cd4635e8895da9439e2b7470436e25d7381be1477ffb816c463aa610c37d76304c5a3667c58bfc82
Via: 1.0 631bffa875a37a9e1df8e42a71f3397a.cloudfront.net:11180 (CloudFront), 1.0 4f04a95a9979d0e7d13e48bf3a096c13.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>14472329B881BB65</RequestId><HostId>qBuEu5m9aWvRvIpdjrg6P/RrJSG8S4/074kgEWH6zf81qOTKvA
...[SNIP]...

1.89. http://sale.images.woot.com/ROK_Blocks_Preschool_Deluxe_Building_Set_by_Rokenbokh1nThumbnail.jpg [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://sale.images.woot.com
Path:   /ROK_Blocks_Preschool_Deluxe_Building_Set_by_Rokenbokh1nThumbnail.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ROK_Blocks_Preschool_Deluxe_Building_Set_by_Rokenbokh1nThumbnail.jpg]]>> HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 965042B94B046577
x-amz-id-2: 67VlMN1M29EQsvnyh/RnHKZpMQ4u1POooQzd0fq9XBcOZ8JDTn4LJ4MoMGHyINz5
Content-Type: application/xml
Date: Sun, 20 Mar 2011 12:35:31 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 066a86c0c7b8cbf408072af7101b22c333290420eb9a1e1099b1fb17425330cd9b116897439e0305
Via: 1.0 a66b66777bcb1327d43930e7cba65de8.cloudfront.net:11180 (CloudFront), 1.0 e45b1f1e171044cf488be122ea3ff12a.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>965042B94B046577</RequestId><HostId>67VlMN1M29EQsvnyh/RnHKZpMQ4u1POooQzd0fq9XBcOZ8JDTn
...[SNIP]...

1.90. http://sale.images.woot.com/Sony_Dash_Personal_Internet_Viewerqo9Thumbnail.jpg [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://sale.images.woot.com
Path:   /Sony_Dash_Personal_Internet_Viewerqo9Thumbnail.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /Sony_Dash_Personal_Internet_Viewerqo9Thumbnail.jpg]]>> HTTP/1.1
Host: sale.images.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D9D2AD93D98EF8DD
x-amz-id-2: 3bahltSqOcHDFsvzngOtLuXGGiPT6VBBevWKom3uDmC+ONpb00Zl9LMD1nRKOWlx
Content-Type: application/xml
Date: Sun, 20 Mar 2011 12:35:30 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: cab64499f687cc4e48fc2a33168cb681d94a910b8aadb4bdbf8db182a6b38f8360b3ae8aabf51fed
Via: 1.0 62806950c1110390d39d3d218951cb9b.cloudfront.net:11180 (CloudFront), 1.0 e45b1f1e171044cf488be122ea3ff12a.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D9D2AD93D98EF8DD</RequestId><HostId>3bahltSqOcHDFsvzngOtLuXGGiPT6VBBevWKom3uDmC+ONpb00
...[SNIP]...

1.91. http://static.woot.com/Flash/SquareTrade/a/quoteBanner.swf [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://static.woot.com
Path:   /Flash/SquareTrade/a/quoteBanner.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /Flash]]>>/SquareTrade/a/quoteBanner.swf HTTP/1.1
Host: static.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9A949214B330BDDD
x-amz-id-2: UjjKu9ZEjdSZcp/fPeU4g3h6L/nnrgbDXkE+ffOiUtZ5ftSFxzvbse7oMDbwCWLI
Content-Type: application/xml
Date: Sun, 20 Mar 2011 12:51:45 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0cad88cc46ff83b9e30ef855160d1d101eef389c3579e154c08a811df51c56cf59c5227179479d89
Via: 1.0 a66b66777bcb1327d43930e7cba65de8.cloudfront.net:11180 (CloudFront), 1.0 72a8be603340c71a9f89c7db05de74b0.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9A949214B330BDDD</RequestId><HostId>UjjKu9ZEjdSZcp/fPeU4g3h6L/nnrgbDXkE+ffOiUtZ5ftSFxz
...[SNIP]...

1.92. http://static.woot.com/Flash/SquareTrade/a/quoteBanner.swf [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://static.woot.com
Path:   /Flash/SquareTrade/a/quoteBanner.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /Flash/SquareTrade]]>>/a/quoteBanner.swf HTTP/1.1
Host: static.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0C58BC16DA1F0042
x-amz-id-2: DGjbdLG5fbXbE/vjTDwnSgBLQ4RFvuLIzz6P8bBzq7tUPP+2zeORrh9MUrxxLQ3x
Content-Type: application/xml
Date: Sun, 20 Mar 2011 12:51:48 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 02fb8092047df6a8aafac15ef083a21eb4205fe1811c5d2bf113bdf82c4ff4f104645e06010993d8
Via: 1.0 a66b66777bcb1327d43930e7cba65de8.cloudfront.net:11180 (CloudFront), 1.0 72a8be603340c71a9f89c7db05de74b0.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0C58BC16DA1F0042</RequestId><HostId>DGjbdLG5fbXbE/vjTDwnSgBLQ4RFvuLIzz6P8bBzq7tUPP+2ze
...[SNIP]...

1.93. http://static.woot.com/Flash/SquareTrade/a/quoteBanner.swf [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://static.woot.com
Path:   /Flash/SquareTrade/a/quoteBanner.swf

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /Flash/SquareTrade/a]]>>/quoteBanner.swf HTTP/1.1
Host: static.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D1594F471A0C043E
x-amz-id-2: U7pmmmbFatOX3PoHOORDbjLUD40LQlcMS6jzA3a1APSbpWplWxkN+/EWKhzJQVdp
Content-Type: application/xml
Date: Sun, 20 Mar 2011 12:51:49 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4e9e47b3e79fe9e60b1a3bcfd9d4dfa5aac18df3536ec2b8f2b2acbf0de6c64769f958f7f3f19caf
Via: 1.0 e756b6b47c8f9469e963e5f531a3beed.cloudfront.net:11180 (CloudFront), 1.0 72a8be603340c71a9f89c7db05de74b0.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D1594F471A0C043E</RequestId><HostId>U7pmmmbFatOX3PoHOORDbjLUD40LQlcMS6jzA3a1APSbpWplWx
...[SNIP]...

1.94. http://static.woot.com/Flash/SquareTrade/a/quoteBanner.swf [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://static.woot.com
Path:   /Flash/SquareTrade/a/quoteBanner.swf

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /Flash/SquareTrade/a/quoteBanner.swf]]>> HTTP/1.1
Host: static.woot.com
Proxy-Connection: keep-alive
Referer: http://www.woot.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=68a92d94b49fa8ca:T=1300624474:S=ALNI_MYMGDpiaZCYenCyoYfDzME3mF-6iw; __qca=P0-1285104554-1300624487224

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F3229AEF43DFBD6A
x-amz-id-2: LC6iff8dgA5xftmWqty3QBVsM0W6FdFlBdQnA0h6cWuFRyHSoPbptHagj1iE3sAN
Content-Type: application/xml
Date: Sun, 20 Mar 2011 12:51:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: a6a0de61e909d655df29d77d3b6f018597e1a371eee4ac94d5bf287cb61eed74d3ce673c151e1ec3
Via: 1.0 86123d99569c9296c8605243e9a10621.cloudfront.net:11180 (CloudFront), 1.0 72a8be603340c71a9f89c7db05de74b0.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F3229AEF43DFBD6A</RequestId><HostId>LC6iff8dgA5xftmWqty3QBVsM0W6FdFlBdQnA0h6cWuFRyHSoP
...[SNIP]...

1.95. http://www.celebgossipnet.com/wp-content/themes/gossipcity/favicon.ico [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.celebgossipnet.com
Path:   /wp-content/themes/gossipcity/favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content]]>>/themes/gossipcity/favicon.ico HTTP/1.1
Host: www.celebgossipnet.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=fl9c607dfnliv4ei1p9o1h4oe2; __qca=P0-485061537-1300626391651; __utmz=205167490.1300626399.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=205167490.381782026.1300626399.1300626399.1300626399.1; __utmc=205167490; __utmb=205167490.1.10.1300626399; _jsuid=7083869468851009847

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:24:15 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.96. http://www.celebgossipnet.com/wp-content/themes/gossipcity/favicon.ico [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.celebgossipnet.com
Path:   /wp-content/themes/gossipcity/favicon.ico

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/themes]]>>/gossipcity/favicon.ico HTTP/1.1
Host: www.celebgossipnet.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=fl9c607dfnliv4ei1p9o1h4oe2; __qca=P0-485061537-1300626391651; __utmz=205167490.1300626399.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=205167490.381782026.1300626399.1300626399.1300626399.1; __utmc=205167490; __utmb=205167490.1.10.1300626399; _jsuid=7083869468851009847

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:24:16 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.97. http://www.celebgossipnet.com/wp-content/themes/gossipcity/favicon.ico [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.celebgossipnet.com
Path:   /wp-content/themes/gossipcity/favicon.ico

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/themes/gossipcity]]>>/favicon.ico HTTP/1.1
Host: www.celebgossipnet.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=fl9c607dfnliv4ei1p9o1h4oe2; __qca=P0-485061537-1300626391651; __utmz=205167490.1300626399.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=205167490.381782026.1300626399.1300626399.1300626399.1; __utmc=205167490; __utmb=205167490.1.10.1300626399; _jsuid=7083869468851009847

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:24:17 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.98. http://www.politicaldisgust.com/wp-includes/js/jquery/jquery.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.politicaldisgust.com
Path:   /wp-includes/js/jquery/jquery.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes]]>>/js/jquery/jquery.js?ver=1.2.6 HTTP/1.1
Host: www.politicaldisgust.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:51 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.99. http://www.politicaldisgust.com/wp-includes/js/jquery/jquery.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.politicaldisgust.com
Path:   /wp-includes/js/jquery/jquery.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes/js]]>>/jquery/jquery.js?ver=1.2.6 HTTP/1.1
Host: www.politicaldisgust.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:53 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.100. http://www.politicaldisgust.com/wp-includes/js/jquery/jquery.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.politicaldisgust.com
Path:   /wp-includes/js/jquery/jquery.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes/js/jquery]]>>/jquery.js?ver=1.2.6 HTTP/1.1
Host: www.politicaldisgust.com
Proxy-Connection: keep-alive
Referer: http://www.politicaldisgust.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:14:54 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.101. http://www.thedailystew.com/_swf/slideshow.swf [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.thedailystew.com
Path:   /_swf/slideshow.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /_swf]]>>/slideshow.swf HTTP/1.1
Host: www.thedailystew.com
Proxy-Connection: keep-alive
Referer: http://www.thedailystew.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22f2dcb93a22fa53868fc5ab5f75a7bf77%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A11%3A%22192.168.0.6%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221300626381%22%3B%7Df0e2bc15f1c787c80abc7eaa8ee925b0; __utmz=120169293.1300626387.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=120169293.1785658814.1300626387.1300626387.1300626387.1; __utmc=120169293; __utmb=120169293.1.10.1300626387

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 13:20:43 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.102. http://www.therugged.com/wp-content/plugins/post-expander/post-expander.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.therugged.com
Path:   /wp-content/plugins/post-expander/post-expander.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content]]>>/plugins/post-expander/post-expander.js?ver=abc HTTP/1.1
Host: www.therugged.com
Proxy-Connection: keep-alive
Referer: http://therugged.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:58:41 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.103. http://www.therugged.com/wp-content/plugins/post-expander/post-expander.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.therugged.com
Path:   /wp-content/plugins/post-expander/post-expander.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins]]>>/post-expander/post-expander.js?ver=abc HTTP/1.1
Host: www.therugged.com
Proxy-Connection: keep-alive
Referer: http://therugged.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:58:42 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.104. http://www.therugged.com/wp-content/plugins/post-expander/post-expander.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.therugged.com
Path:   /wp-content/plugins/post-expander/post-expander.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/post-expander]]>>/post-expander.js?ver=abc HTTP/1.1
Host: www.therugged.com
Proxy-Connection: keep-alive
Referer: http://therugged.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:58:44 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.105. http://www.therugged.com/wp-content/plugins/sociable/sociable.css [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.therugged.com
Path:   /wp-content/plugins/sociable/sociable.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content]]>>/plugins/sociable/sociable.css?ver=abc HTTP/1.1
Host: www.therugged.com
Proxy-Connection: keep-alive
Referer: http://therugged.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:58:49 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.106. http://www.therugged.com/wp-content/plugins/sociable/sociable.css [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.therugged.com
Path:   /wp-content/plugins/sociable/sociable.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins]]>>/sociable/sociable.css?ver=abc HTTP/1.1
Host: www.therugged.com
Proxy-Connection: keep-alive
Referer: http://therugged.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:58:50 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.107. http://www.therugged.com/wp-content/plugins/sociable/sociable.css [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.therugged.com
Path:   /wp-content/plugins/sociable/sociable.css

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/sociable]]>>/sociable.css?ver=abc HTTP/1.1
Host: www.therugged.com
Proxy-Connection: keep-alive
Referer: http://therugged.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:58:52 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.108. http://www.therugged.com/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.therugged.com
Path:   /wp-content/plugins/vipers-video-quicktags/resources/swfobject.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content]]>>/plugins/vipers-video-quicktags/resources/swfobject.js?ver=2.2 HTTP/1.1
Host: www.therugged.com
Proxy-Connection: keep-alive
Referer: http://therugged.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:58:52 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.109. http://www.therugged.com/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.therugged.com
Path:   /wp-content/plugins/vipers-video-quicktags/resources/swfobject.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins]]>>/vipers-video-quicktags/resources/swfobject.js?ver=2.2 HTTP/1.1
Host: www.therugged.com
Proxy-Connection: keep-alive
Referer: http://therugged.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:58:54 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.110. http://www.therugged.com/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.therugged.com
Path:   /wp-content/plugins/vipers-video-quicktags/resources/swfobject.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/vipers-video-quicktags]]>>/resources/swfobject.js?ver=2.2 HTTP/1.1
Host: www.therugged.com
Proxy-Connection: keep-alive
Referer: http://therugged.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:58:55 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.111. http://www.therugged.com/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.therugged.com
Path:   /wp-content/plugins/vipers-video-quicktags/resources/swfobject.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-content/plugins/vipers-video-quicktags/resources]]>>/swfobject.js?ver=2.2 HTTP/1.1
Host: www.therugged.com
Proxy-Connection: keep-alive
Referer: http://therugged.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:58:56 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.112. http://www.therugged.com/wp-includes/js/jquery/jquery.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.therugged.com
Path:   /wp-includes/js/jquery/jquery.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes]]>>/js/jquery/jquery.js?ver=1.3.2 HTTP/1.1
Host: www.therugged.com
Proxy-Connection: keep-alive
Referer: http://therugged.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:59:02 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.113. http://www.therugged.com/wp-includes/js/jquery/jquery.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.therugged.com
Path:   /wp-includes/js/jquery/jquery.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes/js]]>>/jquery/jquery.js?ver=1.3.2 HTTP/1.1
Host: www.therugged.com
Proxy-Connection: keep-alive
Referer: http://therugged.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:59:04 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.114. http://www.therugged.com/wp-includes/js/jquery/jquery.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.therugged.com
Path:   /wp-includes/js/jquery/jquery.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /wp-includes/js/jquery]]>>/jquery.js?ver=1.3.2 HTTP/1.1
Host: www.therugged.com
Proxy-Connection: keep-alive
Referer: http://therugged.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 20 Mar 2011 12:59:05 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

1.115. http://www.wunderground.com/dotunset.php [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.wunderground.com
Path:   /dotunset.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /dotunset.php]]>>?id=2084 HTTP/1.1
Host: www.wunderground.com
Proxy-Connection: keep-alive
Referer: http://usweb.dotomi.com/renderer/delPublishersCookies.html?pid=13200&rurl=http%3A%2F%2Fads.dotomi.com%2Fads.php%3Fpid%3D13200%26mtg%3D0%26ms%3D11%26btg%3D1%26mp%3D1%26dres%3Diframe%26rwidth%3D300%26rheight%3D250%26pp%3D0%26cg%3D2084%26tz%3D300&u=WH9qYVd2Q3FGAWJeBgV%2BWQlbaXsQfgZCDFxlX1ZL&mpc=0&p=13200&pcg=2084&cg=2084&o=2084
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 20 Mar 2011 13:22:29 GMT
Server: Apache/1.3.33 (Unix) PHP/4.4.0
Cache-control: no-cache, must-revalidate, no-cache="Set-Cookie", private
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
X-CreationTime: 0.028
Set-Cookie: DT=1300627349:22718:365-s2; path=/; expires=Fri, 01-Jan-2020 00:00:00 GMT; domain=.wunderground.com
Connection: close
Content-Type: text/html
Content-Length: 21228


<!DOCTYPE HTML>
<html>
   <head>
   <meta name="viewport" content="width=1008px">
   <meta name="description" content="Weather Underground provides weather information for worldwide locations, including cu
...[SNIP]...
<a href="http://wiki.wunderground.com/index.php/API_-_XML">API / XML Feeds</a>
...[SNIP]...
