1. Cross-site scripting (reflected)
2. Cookie without HttpOnly flag set
3. Cross-domain script include
Severity: | High |
Confidence: | Certain |
Host: | http://www.pr-inside.com |
Path: | /smartertools-introduces |
GET /smartertools-introduces Host: www.pr-inside.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Date: Wed, 16 Mar 2011 22:44:46 GMT Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch X-Powered-By: PHP/5.2.6-1+lenny9 P3P: policyref="/w3c/p3p.xml", CP="UNI" Set-Cookie: 1239118791=1; expires=Wed, 12-Jun-2019 22:29:43 GMT Set-Cookie: PHPSESSID=374cce868c Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 21980 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... <script type="text/javascript"> var xajaxRequestUri="http:/ var xajaxDebug=false; var xajaxStatusMessages=false var xajaxWaitCursor=true; var xajaxDefinedGet=0; var xajaxDefinedPost=1; var xajaxLoaded=false; function xajax_ctr(){return xajax.call("ctr", arg ...[SNIP]... |
Severity: | High |
Confidence: | Certain |
Host: | http://www.pr-inside.com |
Path: | /smartertools-introduces |
GET /smartertools-introduces Host: www.pr-inside.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Date: Wed, 16 Mar 2011 22:44:40 GMT Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch X-Powered-By: PHP/5.2.6-1+lenny9 P3P: policyref="/w3c/p3p.xml", CP="UNI" Set-Cookie: 1239118791=1; expires=Wed, 12-Jun-2019 22:29:36 GMT Set-Cookie: PHPSESSID=dd815cf603 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 21983 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... <script type="text/javascript"> var xajaxRequestUri="http:/ var xajaxDebug=false; var xajaxStatusMessages=false var xajaxWaitCursor=true; var xajaxDefinedGet=0; var xajaxDefinedPost=1; var xajaxLoaded=false; function xajax_ctr(){return xajax.call("ctr", a ...[SNIP]... |
Severity: | Low |
Confidence: | Firm |
Host: | http://www.pr-inside.com |
Path: | /smartertools-introduces |
GET /smartertools-introduces Host: www.pr-inside.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Date: Wed, 16 Mar 2011 22:44:29 GMT Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch X-Powered-By: PHP/5.2.6-1+lenny9 P3P: policyref="/w3c/p3p.xml", CP="UNI" Set-Cookie: 1239118791=1; expires=Wed, 12-Jun-2019 22:29:22 GMT Set-Cookie: PHPSESSID=62d437e58b Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 21952 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://www.pr-inside.com |
Path: | /smartertools-introduces |
GET /smartertools-introduces Host: www.pr-inside.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Date: Wed, 16 Mar 2011 22:44:29 GMT Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch X-Powered-By: PHP/5.2.6-1+lenny9 P3P: policyref="/w3c/p3p.xml", CP="UNI" Set-Cookie: 1239118791=1; expires=Wed, 12-Jun-2019 22:29:22 GMT Set-Cookie: PHPSESSID=62d437e58b Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 21952 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... </script> <script type="text/javascript" src="http://s7.addthis ...[SNIP]... </script> <script type="text/javascript" src="http://pagead2 </script> ...[SNIP]... </script> <script type="text/javascript" src="http://pagead2 </script> ...[SNIP]... </script> <script type="text/javascript" src="http://pagead2 </script> ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://www.pr-inside.com |
Path: | /smartertools-introduces |
GET /smartertools-introduces Host: www.pr-inside.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* |
HTTP/1.1 200 OK Date: Wed, 16 Mar 2011 22:44:29 GMT Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch X-Powered-By: PHP/5.2.6-1+lenny9 P3P: policyref="/w3c/p3p.xml", CP="UNI" Set-Cookie: 1239118791=1; expires=Wed, 12-Jun-2019 22:29:22 GMT Set-Cookie: PHPSESSID=62d437e58b Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 21952 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... <a href="mailto:dcurtis@smartertools.com" title="mailto:dcurtis@smartertools.com">dcurtis@smartertools.com</a> : mailto:dcurtis@smartertools.com <!-- 20110315005734r1.xml --> ...[SNIP]... |